d509379a7e96b53dd0715def61bcd988253974b13928357bd9ee3e9c0b1991e4

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 10:55

Target

d509379a7e96b53dd0715def61bcd988253974b13928357bd9ee3e9c0b1991e4.dll
Size

82KB
MD5

0549531637c0c0e8ef80b65507c4f913
SHA1

89a16b2c8164e279926c752fc525cf1bdbbd7b80
SHA256

d509379a7e96b53dd0715def61bcd988253974b13928357bd9ee3e9c0b1991e4
SHA512

9942e8e2f415098c07a61cad35103909a019ae555aa876abbda39fec1c30a303de6cd7cff6384ad29f8984e1f0350a496b7d2a2439c12f7201c3e7329f48b0f9
SSDEEP

1536:kqKlQnkeUs8C9DtpLwySgHbCMleqHDE7+9XS2ggc:k5g8C/rSgHbBlef7+A2ggc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27
PID 1048 wrote to memory of 1020	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d509379a7e96b53dd0715def61bcd988253974b13928357bd9ee3e9c0b1991e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d509379a7e96b53dd0715def61bcd988253974b13928357bd9ee3e9c0b1991e4.dll,#1
  2⤵
  PID:1020

memory/1020-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download