bb477db1d13d7bd3206af3bff4b4f31f7766d4cd251add59fe2e3739309ed69d

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 20:52

Target

bb477db1d13d7bd3206af3bff4b4f31f7766d4cd251add59fe2e3739309ed69d.dll
Size

19KB
MD5

0ebb97043e3c185fdc21c034e7f904c9
SHA1

6dbb748427bb1745c5ef4f59ee834311216ecd02
SHA256

bb477db1d13d7bd3206af3bff4b4f31f7766d4cd251add59fe2e3739309ed69d
SHA512

afeaffa1da52f92a2b83f2a6e1fd1c4c52e6de172167d6d66ff03424a42153af8a132bd4156b929a1bb7a52944b7c7c414667182a61da56d0e7c080bb6dca068
SSDEEP

384:wkSBqp66Gx3vTIa+T0thvMTl/t68CH28DTwQS:wkvpe3vTIa+AH/H/wD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26
PID 1764 wrote to memory of 2028	1764	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb477db1d13d7bd3206af3bff4b4f31f7766d4cd251add59fe2e3739309ed69d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb477db1d13d7bd3206af3bff4b4f31f7766d4cd251add59fe2e3739309ed69d.dll,#1
  2⤵
  PID:2028

memory/2028-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download