511377a22cd68002a1015970e0d91bb4227ff161a3705d8bb1c8abb07d5a11d3

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 03:36

Target

511377a22cd68002a1015970e0d91bb4227ff161a3705d8bb1c8abb07d5a11d3.dll
Size

8KB
MD5

65268e4bd82ba70d502a9c3f2f32b180
SHA1

37c3ef6bebbb24f57df7e94ce6b16c8089cdae71
SHA256

511377a22cd68002a1015970e0d91bb4227ff161a3705d8bb1c8abb07d5a11d3
SHA512

bc1b42d39491418549130383a98cc0bd6246b745a28649489204ed78f5e5ef17962b9e5a33aaf64544732634085fd443113c25ad543cd1f12478a635f8d47692
SSDEEP

96:z0/gPtJrYmVjGwd+8blPDDDDDDDDEZSFVirJG61JNeuwYGNac42PPCmQnQDSf7qD:FTiS+siZvMGPVtoQDf7R

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27
PID 304 wrote to memory of 1920	304	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\511377a22cd68002a1015970e0d91bb4227ff161a3705d8bb1c8abb07d5a11d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\511377a22cd68002a1015970e0d91bb4227ff161a3705d8bb1c8abb07d5a11d3.dll,#1
  2⤵
  PID:1920

memory/1920-54-0x0000000000000000-mapping.dmp

Download
memory/1920-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download