97f2a0504162da2b2ee560140d81f1d764cf882b08804828068d8713f4abf9af

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 20:36

Target

97f2a0504162da2b2ee560140d81f1d764cf882b08804828068d8713f4abf9af.dll
Size

54KB
MD5

60f8e705b7058b54d7205cf68f89ffd0
SHA1

9139deebc3e047d32d8b02da8c7c7836649cf02c
SHA256

97f2a0504162da2b2ee560140d81f1d764cf882b08804828068d8713f4abf9af
SHA512

457f5fb9a6b57a891d079e8fa4fcddfd381703fae4c73d5dc3519467eafa47708f1830341c5647fc1dbb76b934a4094784dad075816062b5ae14d8734e118268
SSDEEP

768:nbY4lA0yN8JXKkhfmRGINNz6UlI8Xh+dyzuh58PLBdHG7APhVimR:EGvK5GIDzllRx+deuh5oBdmMPt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27
PID 1444 wrote to memory of 1948	1444	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f2a0504162da2b2ee560140d81f1d764cf882b08804828068d8713f4abf9af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f2a0504162da2b2ee560140d81f1d764cf882b08804828068d8713f4abf9af.dll,#1
  2⤵
  PID:1948

memory/1948-55-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download