684af54c3fa4bfc2b70975071f4aed177a5c0a2fde77b9eef2f258c035303185

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08/10/2022, 18:48

Target

684af54c3fa4bfc2b70975071f4aed177a5c0a2fde77b9eef2f258c035303185.dll
Size

536KB
MD5

5d460ed80d14d95f586da434ff384bb8
SHA1

4f9a16c884c4b1381bada6d94496bf635ebe7d77
SHA256

684af54c3fa4bfc2b70975071f4aed177a5c0a2fde77b9eef2f258c035303185
SHA512

b86b8109a6bb4ff17f534605321018f7a603ec50d5dc2bf8a9dc1bbb52a1a20f71150bead34a0bd891a06d74224d9ab3b679a0e0f739fa6cb8a990122fd4323a
SSDEEP

6144:gBWiCLsdU/HqL/mSuuUJ/UwnYvxtO9uDaAJD9Zgya48M7eaK6Uc542hDJ4mHMEIM:WCLspL/mwZtldxZgKeafUhc4mgiMY1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\684af54c3fa4bfc2b70975071f4aed177a5c0a2fde77b9eef2f258c035303185.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\684af54c3fa4bfc2b70975071f4aed177a5c0a2fde77b9eef2f258c035303185.dll,#1
  2⤵
  PID:1744

memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1744-56-0x00000000002D0000-0x000000000035B000-memory.dmp

Filesize
556KB

Download