ff61a376b8118ad160ba4aab594860bb0b9b8607e8ad9f60c34eef4040ad51a5

Analysis

max time kernel
5s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/02/2023, 03:20

Target

ff61a376b8118ad160ba4aab594860bb0b9b8607e8ad9f60c34eef4040ad51a5.dll
Size

60KB
MD5

967fc9d519e0f80d723987eaa08fd8e4
SHA1

f1b7ce54f8ef9f83bcf0d9c6b311fee367eadaff
SHA256

ff61a376b8118ad160ba4aab594860bb0b9b8607e8ad9f60c34eef4040ad51a5
SHA512

1ad0e78bf9134491ec0fc5a82bf9bdc9b8d266f3e0b1ffdc0be0c78ee865724e688f6841db6578608d89490e4e9e9a432c031758787387f70307bd38c6fa4e9e
SSDEEP

768:7QiiKvtjxQ5EKSbDFRJp/8pl9WAmXnfhcnaG6Fq4oyw84Up9GfJcDf:HdtdQ5HSnjopCNboy7GfCD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 2032	820	rundll32.exe	27
PID 820 wrote to memory of 2032	820	rundll32.exe	27
PID 820 wrote to memory of 2032	820	rundll32.exe	27
PID 820 wrote to memory of 2032	820	rundll32.exe	27
PID 820 wrote to memory of 2032	820	rundll32.exe	27
PID 820 wrote to memory of 2032	820	rundll32.exe	27
PID 820 wrote to memory of 2032	820	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff61a376b8118ad160ba4aab594860bb0b9b8607e8ad9f60c34eef4040ad51a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff61a376b8118ad160ba4aab594860bb0b9b8607e8ad9f60c34eef4040ad51a5.dll,#1
  2⤵
  PID:2032

memory/2032-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download