49f8d6c158976e191879016272a6304a3812caae8b2ff3a131fe9f561d748db0

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 02:25

Target

49f8d6c158976e191879016272a6304a3812caae8b2ff3a131fe9f561d748db0.dll
Size

81KB
MD5

48d718eb075b56879f4625b2d89a52b1
SHA1

774b88a799d419013f872c021c3a1d35161101d5
SHA256

49f8d6c158976e191879016272a6304a3812caae8b2ff3a131fe9f561d748db0
SHA512

c97b346562c5a630f2e48aa89c6197b9cc2a998f4245f7a3aa4264e83e27cc2e41ca3adb3dfc4ce92f24850175a0973f5e3c5d0345601dc34fb932cf3d393895
SSDEEP

1536:7m+MLJydcjDXnF5QvMpeVKAudiLtbTIgfgLUWj:7YrjDMCeVXOi6goN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27
PID 1516 wrote to memory of 2012	1516	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49f8d6c158976e191879016272a6304a3812caae8b2ff3a131fe9f561d748db0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49f8d6c158976e191879016272a6304a3812caae8b2ff3a131fe9f561d748db0.dll,#1
  2⤵
  PID:2012

memory/2012-55-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/2012-56-0x0000000000200000-0x000000000020F000-memory.dmp

Filesize
60KB

Download
memory/2012-57-0x0000000000250000-0x000000000025F000-memory.dmp

Filesize
60KB

Download