55fbff3c2f94c220dd6eba0fbe70da2d7d3c7431b0900ba6b8f0de0677282d46

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 04:26

Target

55fbff3c2f94c220dd6eba0fbe70da2d7d3c7431b0900ba6b8f0de0677282d46.dll
Size

59KB
MD5

4d4a499e5621ee8a273f9dbd292a4a86
SHA1

434b51d1009b4866e425f1cc369960c7256985ff
SHA256

55fbff3c2f94c220dd6eba0fbe70da2d7d3c7431b0900ba6b8f0de0677282d46
SHA512

a70ce661dd81747b81e0230c4968946fd1778f929f82e6204671ccbf3cb404bc57d97e518a45f9b15f60c97e40fe2643975c7a191746104c2d34cf90decc277f
SSDEEP

1536:evNd39qLpQkvD7zFin1JsfNgVpMXA2abb8:StwXDPGJsfNgnMJa38

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fbff3c2f94c220dd6eba0fbe70da2d7d3c7431b0900ba6b8f0de0677282d46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fbff3c2f94c220dd6eba0fbe70da2d7d3c7431b0900ba6b8f0de0677282d46.dll,#1
  2⤵
  PID:1344

memory/1344-54-0x0000000000000000-mapping.dmp

Download
memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download