654227aa321024a69f5e0a5016d7597fbb30cb9bb4ed68d395be768b850ad56a

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 07:37

Target

654227aa321024a69f5e0a5016d7597fbb30cb9bb4ed68d395be768b850ad56a.dll
Size

5KB
MD5

69d7dcef927e5a7bd73cb278d0def3d0
SHA1

3c7de9fca134d222f2d8600c0c71a4a4a0a00da0
SHA256

654227aa321024a69f5e0a5016d7597fbb30cb9bb4ed68d395be768b850ad56a
SHA512

bf539eb0ce754fddae455f8beed14faaae5f8637baee5c7a698efdc89527f71da4f5cbc98a3fc32993d1db1a4963f8322025150fc1a5b7a41d0f6599fbd564e3
SSDEEP

96:6ikQX1kpHgLyqDMP2Y55DRe2vl9BM4YQ82dN:9XGecP2ExLvl9Bb7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\654227aa321024a69f5e0a5016d7597fbb30cb9bb4ed68d395be768b850ad56a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\654227aa321024a69f5e0a5016d7597fbb30cb9bb4ed68d395be768b850ad56a.dll,#1
  2⤵
  PID:1992

memory/1992-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download