3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026

Analysis

max time kernel
29s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-06-2023 19:35

Target

3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll
Size

128KB
MD5

86be2e85b7dde6b50d6f39a42a188274
SHA1

8066a2e9b010fbc9e29aea806def8091d126e499
SHA256

3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026
SHA512

21d57b2e82d6d40192d274be0904eca2dc2afb6cb9abed8ef5d33a2167f6c6e274c877829a80c21c8378f8bcb6c14de1729410edb6b9a3bab7a885738f5e4da0
SSDEEP

3072:CwXImqM3deodCuXMRFaPj+2RqDazmmRBH65V3:Pp7RdO7N2w2zLMZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe
PID 1232 wrote to memory of 1228	1232	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1232

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll,#1
2⤵
PID:1228

memory/1228-54-0x0000000000190000-0x00000000001D1000-memory.dmp

Filesize
260KB

Download
memory/1228-55-0x0000000000190000-0x00000000001D1000-memory.dmp

Filesize
260KB

Download