9f4d29161eab909556999d9aa6d67de08f2bd2e97d35624347cdc0f236677eca

Analysis

max time kernel
75s
max time network
79s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 20:08

Target

9f4d29161eab909556999d9aa6d67de08f2bd2e97d35624347cdc0f236677eca.dll
Size

452KB
MD5

e9f1c45ac17526662250b702e4423e4d
SHA1

de496bbea061a32d8096c935f575578e40d67457
SHA256

9f4d29161eab909556999d9aa6d67de08f2bd2e97d35624347cdc0f236677eca
SHA512

3e027ee893291d4eaf8a8c042c63e0675cc6705f2e22b903823b04430756093e2ab14ce7ba3f1e133d4506260ef0442c279b552dc91caf5fb70eb68dc94c7d81
SSDEEP

6144:f46cUvJDuC6QzyP8Jok98vtbpTkSu2UXe:hPvJDudQzRX8vtbpTkSou

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29
PID 2028 wrote to memory of 2360	2028	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4d29161eab909556999d9aa6d67de08f2bd2e97d35624347cdc0f236677eca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4d29161eab909556999d9aa6d67de08f2bd2e97d35624347cdc0f236677eca.dll,#1
  2⤵
  PID:2360

memory/2360-54-0x00000000001D0000-0x0000000000245000-memory.dmp

Filesize
468KB

Download