07ca72bbaedbb178206f8b5d0c5635215e712b854217db93a66b518c5ee5b82c

Analysis

max time kernel
91s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2023, 18:12

Target

CONTROL VELOCIDAD INTERNET/Selfishnet win 7/Selfishnet win 7/Packet.dll
Size

84KB
MD5

9639b457636e43081671b140195ada01
SHA1

8d17feaecfa0593f2a32b6539332c3cf942ecb32
SHA256

6fa3b9f895315b60b3a8f29e15f494d6d272e5f8a2f81b342c7b6afcda91130c
SHA512

82c8a62a7cbbf187c1d66a8aa561c2cfebc936225719f4e2e66e084a3699c5c92e67bd9c00fc581a8bdb06d10722906c3bb9003ca85613f99dcca64d8c495f59
SSDEEP

1536:V3n2otEkF0Yoeguqk9f/77kETbUphlYkGzIxtXjuPX7:V3nph9f//TglSzIxtXjuP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 1820	1040	rundll32.exe	79
PID 1040 wrote to memory of 1820	1040	rundll32.exe	79
PID 1040 wrote to memory of 1820	1040	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CONTROL VELOCIDAD INTERNET\Selfishnet win 7\Selfishnet win 7\Packet.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CONTROL VELOCIDAD INTERNET\Selfishnet win 7\Selfishnet win 7\Packet.dll",#1
  2⤵
  PID:1820

memory/1820-133-0x00000000005E0000-0x00000000005F1000-memory.dmp

Filesize
68KB

Download