f56cf34bc8ad3abb0deffc90219c6cc40e9a0dfdc95f6c1d69d230e98cf53ba6

Analysis

max time kernel
17s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 08:44

Target

f56cf34bc8ad3abb0deffc90219c6cc40e9a0dfdc95f6c1d69d230e98cf53ba6.dll
Size

76KB
MD5

039452278e8766ef0024903f30e7e928
SHA1

47cda425f3fdb1473ec9d9b74bdc5246df393fa7
SHA256

f56cf34bc8ad3abb0deffc90219c6cc40e9a0dfdc95f6c1d69d230e98cf53ba6
SHA512

e10153944d1e4ef32f177181f2de22db87a6d4e2614cb3564e8887ae572e13032e8a51d861f68783ce337be850fb9d5bfe02c33a8f1140cfafeaea8ce0819daf
SSDEEP

1536:0SBGICmjXCTyBetAxhn+gPoHP+g6r437Ceo770AD:/BMmjXCoh+tHPlA4LCv7hD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f56cf34bc8ad3abb0deffc90219c6cc40e9a0dfdc95f6c1d69d230e98cf53ba6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f56cf34bc8ad3abb0deffc90219c6cc40e9a0dfdc95f6c1d69d230e98cf53ba6.dll,#1
  2⤵
  PID:1456

memory/1456-54-0x0000000000000000-mapping.dmp

Download
memory/1456-55-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download