d1b08d997f7dbaf202dd42bc3a978218f234911aea77c290b2037912718ee66e

Analysis

max time kernel
3s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 20:30

Target

d1b08d997f7dbaf202dd42bc3a978218f234911aea77c290b2037912718ee66e.dll
Size

49KB
MD5

75bd5f86cbde78ea2a59f02975c822b0
SHA1

912686243f81fed39a351c8deeebcd775e0cf0b5
SHA256

d1b08d997f7dbaf202dd42bc3a978218f234911aea77c290b2037912718ee66e
SHA512

81da8640f077e6e6f551dc69272aa15bf462b46a8b24883d2625b3715a5e3e13d8919bf1292d4741f707af8c5caf55e39faeab1a91f64f923225df966f4c40f1
SSDEEP

768:e6gzP+ViK97Hcc9GVIxrXR+MW8ftWZkKRHz/xtKAGgUhM5zegih:e6PViKlP98grX88ftKTRHz/zKHgMM4gc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 316	268	rundll32.exe	28
PID 268 wrote to memory of 316	268	rundll32.exe	28
PID 268 wrote to memory of 316	268	rundll32.exe	28
PID 268 wrote to memory of 316	268	rundll32.exe	28
PID 268 wrote to memory of 316	268	rundll32.exe	28
PID 268 wrote to memory of 316	268	rundll32.exe	28
PID 268 wrote to memory of 316	268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b08d997f7dbaf202dd42bc3a978218f234911aea77c290b2037912718ee66e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b08d997f7dbaf202dd42bc3a978218f234911aea77c290b2037912718ee66e.dll,#1
  2⤵
  PID:316

memory/316-55-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download