296a337640deeb74ddc5f86a19fc92e8b2fbce16b01dd9996999d3b3abc9ce70

Resubmissions

02/11/2023, 21:52

02/11/2023, 21:51

02/11/2023, 21:48

02/11/2023, 21:38

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 21:52

Target

fSdyz.dll
Size

1.5MB
MD5

6a4d12e59028d4783f19bf7b50281602
SHA1

0dab8ca7b5a7a3ac6864c609adc2bb959acfcc7d
SHA256

296a337640deeb74ddc5f86a19fc92e8b2fbce16b01dd9996999d3b3abc9ce70
SHA512

86896d9700d791a8c27b0acf9b52c2f2fec7bfd52da799cfa7618c2f84f682aa40d92fdd56caf31d5b897ea6a95cbae8fed119fd7e84a3a806a367988c3e5880
SSDEEP

24576:5DOgw7fYbK9s3kW3CG3vQ3snpRgATIhxXmbVeViiqP1oAmEJDeuvXjDcTq:5DOdfYbK9sZvw8QDXwkiinA5Veu/jDD

Score

1^/10

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2220 wrote to memory of 1696	2220	rundll32.exe	28
PID 2956 wrote to memory of 2036	2956	cmd.exe	36
PID 2956 wrote to memory of 2036	2956	cmd.exe	36
PID 2956 wrote to memory of 2036	2956	cmd.exe	36
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37
PID 2036 wrote to memory of 2168	2036	rundll32.exe	37

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fSdyz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fSdyz.dll,#1
  2⤵
  PID:1696

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\system32\rundll32.exe
  rundll32 fSdyz.dll, Crash
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32 fSdyz.dll, Crash
    3⤵
    PID:2168

memory/2168-0-0x0000000000160000-0x0000000000163000-memory.dmp

Filesize
12KB

Download
memory/2168-1-0x0000000000B30000-0x0000000000C00000-memory.dmp

Filesize
832KB

Download