4162b1b5cdba34eca02f13a7a04ecbde2c8844e4696d8f958e7e4d34309f3d21

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 22:30

Target

4162b1b5cdba34eca02f13a7a04ecbde2c8844e4696d8f958e7e4d34309f3d21.dll
Size

22KB
MD5

65e36f17baf259b407402626afe120ce
SHA1

ef99bc852745430aef021146ddd9321a9300a3a6
SHA256

4162b1b5cdba34eca02f13a7a04ecbde2c8844e4696d8f958e7e4d34309f3d21
SHA512

58ea4d3d1d4f22de00f5bd8ca10ae9b236a9a39adbf57b496233e5e1c81268d2dba20374f203c69a044d0bef9daf3ff46d0b8a466314c2c8674a869b992bca2a
SSDEEP

192:4yIiQMwzHUde4hv1fhlkklsZJ5ih3brBmnYtvAAilKH:lhQOh7ZmWNmYtQKH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4162b1b5cdba34eca02f13a7a04ecbde2c8844e4696d8f958e7e4d34309f3d21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4162b1b5cdba34eca02f13a7a04ecbde2c8844e4696d8f958e7e4d34309f3d21.dll,#1
  2⤵
  PID:1980

memory/1980-55-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download