41f38d77facf3b9e07ec2a6b7f4d278e551dbf301fd72d8c238ccf34eca57907

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29-05-2023 07:31

Target

41f38d77facf3b9e07ec2a6b7f4d278e551dbf301fd72d8c238ccf34eca57907.dll
Size

131KB
MD5

ee0ba9cce49e2d5ea76f287a837464a6
SHA1

e1626bbf9de45b65e5f3055d142795442146711f
SHA256

41f38d77facf3b9e07ec2a6b7f4d278e551dbf301fd72d8c238ccf34eca57907
SHA512

1e46ba251c4c6ac9b9bd4d706b54b79050d594ac642a3a88305501dcb6c7e6beddd012afc51dba4c638fc2ac93af3563501c076cc36dad522eeaaea56d1918c7
SSDEEP

3072:8CK5/j4AtjaTf7m5nik8pU38cUCm4hosax:8D/ETb7q8pUscrmJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe
PID 1208 wrote to memory of 1288	1208	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41f38d77facf3b9e07ec2a6b7f4d278e551dbf301fd72d8c238ccf34eca57907.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1208

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41f38d77facf3b9e07ec2a6b7f4d278e551dbf301fd72d8c238ccf34eca57907.dll,#1
2⤵
PID:1288

memory/1288-54-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download