8d3b5464f9127a495587c0bce600e7081d2d50fd44293416b8ff660333bac6b9

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
20/12/2022, 14:15

Target

8d3b5464f9127a495587c0bce600e7081d2d50fd44293416b8ff660333bac6b9.dll
Size

16KB
MD5

6dc95063f87001fa121c5ade18b3a134
SHA1

492b09d87e6773a43b96782c02bd21c2db0e6eef
SHA256

8d3b5464f9127a495587c0bce600e7081d2d50fd44293416b8ff660333bac6b9
SHA512

7a44b33db614b366e8bb365f78b855054775e9b295058daa82a2780a61fbe86470ff3a80ab30c0573428668328788839534da391a73990fc5a3f8211b1e00fd7
SSDEEP

24:e1GSgDSEhoCglIB6SXvVmMPGjvhBrDsqZ:SgDCllVImgGNBsG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28
PID 2028 wrote to memory of 2040	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d3b5464f9127a495587c0bce600e7081d2d50fd44293416b8ff660333bac6b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d3b5464f9127a495587c0bce600e7081d2d50fd44293416b8ff660333bac6b9.dll,#1
  2⤵
  PID:2040

memory/2040-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download