8d6631479ff318e05f980f5768a33d45106bb1aadaf837cb45e590bf04ead3cf

Resubmissions

01-02-2023 15:02

01-02-2023 15:01

max time kernel
0s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 15:01

Target

57723.dll
Size

640KB
MD5

3cced5135a0e9a92004c9de71a8d510d
SHA1

943b6aac6bc5346982e3dcd5373fde4d783d4042
SHA256

8d6631479ff318e05f980f5768a33d45106bb1aadaf837cb45e590bf04ead3cf
SHA512

aa5ae93a5a6ccc23bc062087ff1fbbff0c3dd8cfd4cb1e2f1efffaaa542763846a09253b0e42d2615b000f8ec6d8615df863b993d559e6807dec99c9b8af496b
SSDEEP

12288:QljQRl3iZwl3JBrySD9CkkgC28DWl0RJK2LgAN4c1DJ92trs1tTe3+uZ:Q9WZiZCCMCkkBRDeSjcjc1DJ92ts1tiJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 2008	996	rundll32.exe	27
PID 996 wrote to memory of 2008	996	rundll32.exe	27
PID 996 wrote to memory of 2008	996	rundll32.exe	27
PID 996 wrote to memory of 2008	996	rundll32.exe	27
PID 996 wrote to memory of 2008	996	rundll32.exe	27
PID 996 wrote to memory of 2008	996	rundll32.exe	27
PID 996 wrote to memory of 2008	996	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57723.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57723.dll,#1
  2⤵
  PID:2008

memory/2008-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download