f054d07dccf8f200ea3838160e34aedceb0c7111d1434e6f0863f610e574a460

Analysis

max time kernel
229s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 13:59

Target

libbind9.dll
Size

92KB
MD5

7800722532df3363088cacfa5c564e84
SHA1

7941f3536e56248e5177b67212bae2fda42d2434
SHA256

b6064e7ca5f48a088fc447035ba46f0c13680e05b9ff4f1f0475d0f225da2e39
SHA512

592b20d34d27863bcebba8e021f3641e9d4ee0270c4e5d2bc83caf3dcc969adabb291a546ba8bca893d0c3a617d77c7b3832aa7ec59389f23e09c4754a0afc24
SSDEEP

768:tlKNGsRjOK56IFXxzgioBidbEUvtVmayzKKzzf1IJ3xIzUjmUpp0XPrPOn:nKfxOOyindjvt4aG9IVuzUjmUpgPri

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 3776	1952	rundll32.exe	86
PID 1952 wrote to memory of 3776	1952	rundll32.exe	86
PID 1952 wrote to memory of 3776	1952	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libbind9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libbind9.dll,#1
  2⤵
  PID:3776

memory/3776-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download