b35f9a5a4d2e3d96ea9903242c6b994a5b2ba7945e9dfd56b7800b69d23a3454

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-04-2023 19:36

Target

b35f9a5a4d2e3d96ea9903242c6b994a5b2ba7945e9dfd56b7800b69d23a3454.dll
Size

288KB
MD5

0fa67fd68d8c7ba17974e7a81e605fe1
SHA1

5dffa09ce50dbc0ae65043b83639a08798adb715
SHA256

b35f9a5a4d2e3d96ea9903242c6b994a5b2ba7945e9dfd56b7800b69d23a3454
SHA512

c4a991a6b63216f8563e61ed1078c0626e5ce2986972b15a234dfd70249eed2e3f00c314f0d6270b32630ce283a75bb5bf9ae04f57622aef7f962eab89c73b5e
SSDEEP

6144:9a1u2LHzb7Jy+xfxFAUuhIqCkjIKsKxmxsZ4:Y1u2LHzb7Jy+xfxFAUuhI9kZsKy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe
PID 1296 wrote to memory of 1416	1296	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b35f9a5a4d2e3d96ea9903242c6b994a5b2ba7945e9dfd56b7800b69d23a3454.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b35f9a5a4d2e3d96ea9903242c6b994a5b2ba7945e9dfd56b7800b69d23a3454.dll,#1
2⤵
PID:1416