055ec9f38332dad0cdd32aea752caefdfd5bfd8f2be334191e12306c70e3a251

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 15:57

Target

055ec9f38332dad0cdd32aea752caefdfd5bfd8f2be334191e12306c70e3a251.dll
Size

58KB
MD5

90f7afd353d0c9d5c6065ce846cdd7e8
SHA1

10db1371a2607a4e32eb5dbc8beb10ea25d76bbe
SHA256

055ec9f38332dad0cdd32aea752caefdfd5bfd8f2be334191e12306c70e3a251
SHA512

1fdfc6fb36ec95ecae0b2b98519fb338b6db2152273ea18e8fa4294e20c9bdb20ecde94667037e8dacf4745d59080d9cf1067cd16173953a064ff0f6a15af0e6
SSDEEP

1536:yHZZWLLEiHhoRL/TlWlfnh7SgyQY4xdE28QNca:yHULdhoRUNy2hca

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26
PID 1960 wrote to memory of 1940	1960	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\055ec9f38332dad0cdd32aea752caefdfd5bfd8f2be334191e12306c70e3a251.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\055ec9f38332dad0cdd32aea752caefdfd5bfd8f2be334191e12306c70e3a251.dll,#1
  2⤵
  PID:1940

memory/1940-54-0x0000000000000000-mapping.dmp

Download
memory/1940-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download