fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6

Analysis

max time kernel
25s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 07:03

Target

fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll
Size

10KB
MD5

0a5fcf55fced048cfbc51355752bd849
SHA1

7369fa465dd43cc60848cf08218cafefa59e005b
SHA256

fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6
SHA512

dd4696a7d4a99c628101153265f6bc74a2af01844e977c9f036c3e12fd27f652ce247fa27b7e6e6fe28c682a0bba87cb7bdbdfda039063263648a2388f053baa
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92bj:6dHad/N20IypWak8dWiWak8EdW7H

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll,#1
  2⤵
  PID:1952

memory/1952-54-0x0000000000000000-mapping.dmp

Download
memory/1952-55-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1952-56-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download