4061b4a37de72a0c0e00231e946eb6e7b3701dee58c2470b2ff456df59964768

Analysis

max time kernel
142s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/04/2023, 18:37

Target

4061b4a37de72a0c0e00231e946eb6e7b3701dee58c2470b2ff456df59964768.dll
Size

17KB
MD5

7ade91f091bcf7623a01da3e92279467
SHA1

f1d172dfd5f970c459c8a622bab198801f55c372
SHA256

4061b4a37de72a0c0e00231e946eb6e7b3701dee58c2470b2ff456df59964768
SHA512

b2bfc17346eda232ff2de86a6a25eef8b76e4bb97669d4c9a90f5ea8122353fa5c42d1da70b730ddd26807dcf80efad433aa232b7a42fea0beac410a74a0cbe3
SSDEEP

192:nDqeRwdb3enG2RxnSGzTcb7dYMnW0TYxm2pXEz4JWaULI7kbSHkFQc3psZ/Q99g7:DqzdeGQ/TcFPnW0wp0tekWo5s5eGZvXx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27
PID 1980 wrote to memory of 1632	1980	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4061b4a37de72a0c0e00231e946eb6e7b3701dee58c2470b2ff456df59964768.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4061b4a37de72a0c0e00231e946eb6e7b3701dee58c2470b2ff456df59964768.dll,#1
  2⤵
  PID:1632

memory/1632-54-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1632-55-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download