955f5b9be3796f959f148200be80421babc878ae7ab8ba2793261f3e4a3f5e0f

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-06-2023 20:17

Target

955f5b9be3796f959f148200be80421babc878ae7ab8ba2793261f3e4a3f5e0f.dll
Size

378KB
MD5

6766ec13f7e0864a134b8c5a1500cd5c
SHA1

85b2833da819c997970a624625418657a8b261ab
SHA256

955f5b9be3796f959f148200be80421babc878ae7ab8ba2793261f3e4a3f5e0f
SHA512

816aa5d5c8a2f288c5f81435213809f752f758bba98ecc03ce0cbd7720d0fc6bdea699496fc36377d28d2555b78495d9af615da94fc7b7e7fd831e1701620b64
SSDEEP

6144:GfpY4U2Osp5RrYg3xnxKqn9RbLrj0b0TEAuNobzYabZqxHWkGFz/9edKmUB:GPHOsPRsgxxKmv+kuNo3YGZeWIK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe
PID 828 wrote to memory of 1220	828	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\955f5b9be3796f959f148200be80421babc878ae7ab8ba2793261f3e4a3f5e0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:828

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\955f5b9be3796f959f148200be80421babc878ae7ab8ba2793261f3e4a3f5e0f.dll,#1
2⤵
PID:1220

memory/1220-54-0x0000000001F10000-0x00000000021C0000-memory.dmp

Filesize
2.7MB

Download