058fb9632f6e29323a11ef271b9e277fc5ebf5481fcbafd845cdbfdc81eab857

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 09:00

Target

058fb9632f6e29323a11ef271b9e277fc5ebf5481fcbafd845cdbfdc81eab857.dll
Size

339KB
MD5

64a7e7cce8d5d2790f79303d8a0e5140
SHA1

cc427da6539c7c73f198b65af79cf513a1110cc9
SHA256

058fb9632f6e29323a11ef271b9e277fc5ebf5481fcbafd845cdbfdc81eab857
SHA512

0fe7d6192ba2d76c7040a4e73ccc6754d57cac2765450200e4ba3984778f2d889e0935442f2eede474a268790cb858ac2770a44fa01c5283ddddc1de49464608
SSDEEP

6144:G2PTW8aPCYD1ALcHjVi8TcDRSCzpGCoaAzEJOrDrwqVKH8CrETBNpWt:PHaPCYD1A4DQlDBcKOrvxKH8KETo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27
PID 960 wrote to memory of 628	960	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\058fb9632f6e29323a11ef271b9e277fc5ebf5481fcbafd845cdbfdc81eab857.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\058fb9632f6e29323a11ef271b9e277fc5ebf5481fcbafd845cdbfdc81eab857.dll,#1
  2⤵
  PID:628

memory/628-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/628-56-0x0000000000200000-0x000000000025A000-memory.dmp

Filesize
360KB

Download