9bc048402230c86762b85c3f950e7a6c4f78f089daba02f5ccf682a8385715f7

Analysis

max time kernel
13s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 19:46

Target

9bc048402230c86762b85c3f950e7a6c4f78f089daba02f5ccf682a8385715f7.dll
Size

52KB
MD5

7dfae1b1d618e975275a3755c014e22b
SHA1

da1ba69f90803fb5f1c8e4c4f974f1f371d16bb3
SHA256

9bc048402230c86762b85c3f950e7a6c4f78f089daba02f5ccf682a8385715f7
SHA512

61b4883e6e9e0e83c9c17770d5dd3dd6f3790b1673c2d1549c107b402f7e3bb160684656ef2404e6ddd02508ca185caa318171785120a76a9716b2461309bfd4
SSDEEP

768:WOMzv4Lc1hJ4Qbk6OKF23F8mmCMLsAVOKyS7Xo9XD:orSHA23F8mmCyZVEKol

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28
PID 2016 wrote to memory of 1888	2016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bc048402230c86762b85c3f950e7a6c4f78f089daba02f5ccf682a8385715f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bc048402230c86762b85c3f950e7a6c4f78f089daba02f5ccf682a8385715f7.dll,#1
  2⤵
  PID:1888

memory/1888-55-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/1888-56-0x0000000000B00000-0x0000000000BD6000-memory.dmp

Filesize
856KB

Download