d536a0a51f73050bc0896142e42256bd684b4f0d28b92c68c6a7e76cb86d9a11

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
12-10-2022 17:02

Target

d536a0a51f73050bc0896142e42256bd684b4f0d28b92c68c6a7e76cb86d9a11.dll
Size

74KB
MD5

79bc13e6111b9fce7c25c63fecddb640
SHA1

2525e8b27a5c161817bb56021a4f5570786a962a
SHA256

d536a0a51f73050bc0896142e42256bd684b4f0d28b92c68c6a7e76cb86d9a11
SHA512

46a38fea14e4e77acf137dc49fc9c1affe0c5dcd4fdc37b91f4f981ec3f87fd0fd9190d787a85b2c33ec111550a6c25ae5c0dcfce839606b04facc43b5ee8267
SSDEEP

1536:+VZmwKDLAlsjuFzuzIqchUb6gWEIGNkTh3/yDrQNe6DRdCsZK4IXPWA3bIwM:KkwKDL8ol8BG6gWE9EhPyDrQNp7CsZKY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26
PID 1544 wrote to memory of 1584	1544	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d536a0a51f73050bc0896142e42256bd684b4f0d28b92c68c6a7e76cb86d9a11.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d536a0a51f73050bc0896142e42256bd684b4f0d28b92c68c6a7e76cb86d9a11.dll,#1
  2⤵
  PID:1584

memory/1584-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download