3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 04:35

Target

3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll
Size

300KB
MD5

5ce56c5100e83633653a9eba854524ce
SHA1

cdeef6853b5dec0dee4748441b6df013c5967997
SHA256

3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458
SHA512

6744e90b7dd5734660da660ed2b143da1930230227e3b2084a2628dd84b34ccb8b538012ae1897627d24bdbbf635d74f41774720c361419384e51a169b39832c
SSDEEP

6144:YS08N/IjM1MvBjBk4WNFJoxtFti+nq9mgLGgAlk:YSnNAj8NJWPq9DLn+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll,#1
  2⤵
  PID:1112

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download