4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854

Analysis

max time kernel
22s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14/10/2022, 10:36

Target

4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll
Size

5KB
MD5

63598debdc4926441dc0ea6041bb64c7
SHA1

1b637d9b3aa09f59f44958550f5aa1b456a43e26
SHA256

4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854
SHA512

48bd47b58061d44620f0d686b38583e01dd5dd85029968ba4e01afd57a6c06aa608762f48cbc2c640540ec59a4f57ac79c9538619e29c5e8408fc57e05b6fe34
SSDEEP

48:Ss0QejYDx6/gB5B65/ic/2hmm3YGebeTKurfUsMbiFpi86p5P4ZK3hfXfSB:z0QR9B6BvAwbi6xP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28
PID 1960 wrote to memory of 1948	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll,#1
  2⤵
  PID:1948

memory/1948-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download