5b6bb43d2a0a07a9d002ac842303a0177267065503402f5ed8c2586566b90f25

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 00:10

Target

5b6bb43d2a0a07a9d002ac842303a0177267065503402f5ed8c2586566b90f25.dll
Size

82KB
MD5

64923abec52b1b338d622e925d333658
SHA1

797461ab08a355e2adb976f6fc1e380cc9363752
SHA256

5b6bb43d2a0a07a9d002ac842303a0177267065503402f5ed8c2586566b90f25
SHA512

81deac9851de13c453df81aa73aca5934929dde7e42008ee850176999f0b22e129c2b900d74e0342bd2c565e6ef9c4ac58c717715d9d94bf29af3770bcd8fb62
SSDEEP

1536:wvVoHbtGG8HLc/aKWSRMvcTfNER9Uww/lt9AsJTn6XMrVM3KA:nGGYcmcfNW9Uwg9JJTUMhM3T

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26
PID 1652 wrote to memory of 2008	1652	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b6bb43d2a0a07a9d002ac842303a0177267065503402f5ed8c2586566b90f25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b6bb43d2a0a07a9d002ac842303a0177267065503402f5ed8c2586566b90f25.dll,#1
  2⤵
  PID:2008

memory/2008-55-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x0000000062EB0000-0x0000000062EC8000-memory.dmp

Filesize
96KB

Download