1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/02/2023, 14:16

Target

17129.dat.dll
Size

640KB
MD5

e64839d5ad542e22f9562ea492080e3e
SHA1

0ebcef14cd6dd4b91ece3af089b46eb0d8b2944c
SHA256

1b1a6b891687bea71774e3f1776b73fee79602f960eb9cae891ad2c5acb277cf
SHA512

8bc584538d992a576137996e95aaa15763f562846138065ba6b92dcc33907b054db06dc2af62214d6c701d9744b0d6bf95abc6b3561c44c397c8706c73144174
SSDEEP

12288:QljQRl3iZwl3JBrySD9CkkgC28DWl0RJK2LgAN4c1DJ92trs1tTe3+uZ:Q9WZiZCCMCkkBRDeSjcjc1DJ92ts1tyJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28
PID 1032 wrote to memory of 1064	1032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17129.dat.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17129.dat.dll,#1
  2⤵
  PID:1064

memory/1064-55-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download