9dc1973f86c3eb466d209853d0677dfa5f536d81169dba4f1ed80fb75b965b18

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08/01/2023, 05:15

Target

9dc1973f86c3eb466d209853d0677dfa5f536d81169dba4f1ed80fb75b965b18.dll
Size

16KB
MD5

3f971b5df9ad95ccd25f4d56c0c296cf
SHA1

d7216fc8f5ab7e8fcf667110f13c8f21017b8ec4
SHA256

9dc1973f86c3eb466d209853d0677dfa5f536d81169dba4f1ed80fb75b965b18
SHA512

d1994ae8e8f121a995a24579571d0ddefd7d3375077a570aaab5a9648c0a7b88619c4254402e74d1828d370aebc8d155c05ae78148c952e31eae41e19d243b5e
SSDEEP

24:e1GSgDSEhOLCglIB6SXvVmMPCjvhBrDsqZ:SgDILllVImgCNBsG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27
PID 1284 wrote to memory of 1200	1284	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dc1973f86c3eb466d209853d0677dfa5f536d81169dba4f1ed80fb75b965b18.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dc1973f86c3eb466d209853d0677dfa5f536d81169dba4f1ed80fb75b965b18.dll,#1
  2⤵
  PID:1200

memory/1200-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download