a1d878a92c72b9a8e83825f6413e73726d3fb65b8c12b45a8eebf5a92a8b9f4b

Analysis

max time kernel
9s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 10:56

Target

a1d878a92c72b9a8e83825f6413e73726d3fb65b8c12b45a8eebf5a92a8b9f4b.dll
Size

97KB
MD5

4b350b65923c463426244622807da21e
SHA1

93fa96d372b65f2f2f55eb866c22326d80a96ed0
SHA256

a1d878a92c72b9a8e83825f6413e73726d3fb65b8c12b45a8eebf5a92a8b9f4b
SHA512

4d4cb57fb67bc1be5822471c3e0f8359cbc0d6b8a60e5a85fdd15da1754fcb0804abc2a67d507a943bcc002b83e4794ac2dda76d73d26872d5a959cfe20b9a75
SSDEEP

1536:/xLK2OReR3CHq2vmY4yTd2qJSkIM4Jb1WgXY7f4TOLDdB:ZVOReRyHtvm3ygqIkjjr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1732	884	rundll32.exe	28
PID 884 wrote to memory of 1732	884	rundll32.exe	28
PID 884 wrote to memory of 1732	884	rundll32.exe	28
PID 884 wrote to memory of 1732	884	rundll32.exe	28
PID 884 wrote to memory of 1732	884	rundll32.exe	28
PID 884 wrote to memory of 1732	884	rundll32.exe	28
PID 884 wrote to memory of 1732	884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1d878a92c72b9a8e83825f6413e73726d3fb65b8c12b45a8eebf5a92a8b9f4b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1d878a92c72b9a8e83825f6413e73726d3fb65b8c12b45a8eebf5a92a8b9f4b.dll,#1
  2⤵
  PID:1732

memory/1732-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download