ff1b42ea7d56a37eae801adbddb7116f52a4664c0b41302736f522852edc2747

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
20/12/2022, 13:16

Target

ff1b42ea7d56a37eae801adbddb7116f52a4664c0b41302736f522852edc2747.dll
Size

16KB
MD5

89ac57478044c57c7195943116a521e0
SHA1

1ff2bafeed795423e3538d810bda8e1e3fcdcfa5
SHA256

ff1b42ea7d56a37eae801adbddb7116f52a4664c0b41302736f522852edc2747
SHA512

9f4da352fe302a47fd6f115609de4beecc6f37e9eeaea11e2bf976048f845aa38235d4f8c2b5f95a0cdbd8383dad8278d5b6f6f38ef61d88b963d50f1cdfd83e
SSDEEP

384:ZONLg914I6zogz2y0sCuj4jjjBQnDaeD9Kv:Zeg91Q5CLuj4jjjB5e

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28
PID 2000 wrote to memory of 2040	2000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff1b42ea7d56a37eae801adbddb7116f52a4664c0b41302736f522852edc2747.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff1b42ea7d56a37eae801adbddb7116f52a4664c0b41302736f522852edc2747.dll,#1
  2⤵
  PID:2040

memory/2040-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download