0154bb3efd3c49719178c9e37777fde39335142b3ff0f2b054f242c84fb0d443

Analysis

max time kernel
38s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 10:57

Target

0154bb3efd3c49719178c9e37777fde39335142b3ff0f2b054f242c84fb0d443.dll
Size

89KB
MD5

652efe81dc394098523da44f5b52e9d6
SHA1

7d13deac0e74cf53842e0b43026d6a0a78858795
SHA256

0154bb3efd3c49719178c9e37777fde39335142b3ff0f2b054f242c84fb0d443
SHA512

e03edd18711caf6906cdd76fef30753f52cb56f4af3deb705e06a35a150b564e17077cf29f4ce34ec0cdff267c3eb8611a637e53523752014a9cf63d4b85e5a7
SSDEEP

1536:x2owFdDdNRhTADvR5h6sQBuAAvpRWQdIzWg+gWtlJLTJftDFXAn:xhwbZNRpAj8sQwvp1dyWgvWtjFFNAn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26
PID 1584 wrote to memory of 1172	1584	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0154bb3efd3c49719178c9e37777fde39335142b3ff0f2b054f242c84fb0d443.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0154bb3efd3c49719178c9e37777fde39335142b3ff0f2b054f242c84fb0d443.dll,#1
  2⤵
  PID:1172

memory/1172-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download