5022e323c75096a010cf02889c8e34c738086cbbea1e9a6583f26b31d6313fcc

Analysis

max time kernel
11s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 02:14

Target

5022e323c75096a010cf02889c8e34c738086cbbea1e9a6583f26b31d6313fcc.dll
Size

7KB
MD5

4b7d14566828e210693ad9e6697e8b10
SHA1

5a29d8211cb2af83ee6525a4d0f2c9dcabcf0e2b
SHA256

5022e323c75096a010cf02889c8e34c738086cbbea1e9a6583f26b31d6313fcc
SHA512

db4a9b4b170f4d16f37eaf72a5ed17bdac9ffbf4f9ce47dd5cb8a3f5222d96ea545231d63a87c9d379067d2cbe374691c2f888f1483901d67f6ed2b77c63b611
SSDEEP

192:kXIwbdfKOzcDuGE4J1doummmA67FkKRvBmfrF:gNfK2MuGE4J1doummmA67KKRvBmfrF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28
PID 1836 wrote to memory of 1672	1836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5022e323c75096a010cf02889c8e34c738086cbbea1e9a6583f26b31d6313fcc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5022e323c75096a010cf02889c8e34c738086cbbea1e9a6583f26b31d6313fcc.dll,#1
  2⤵
  PID:1672

memory/1672-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download