b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 08:15

Target

b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba.dll
Size

76KB
MD5

4e588b0fc69fdb8953708fbdf2dc2f8c
SHA1

97384062b006405e9bd640fd591605770ee5fd68
SHA256

b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba
SHA512

71732c1b3aff033aefb73303012e93a4d551d2dc24210ec49efa1ec3b438150e1bbc011e7176c6cea5fd45e5dd0ac0a2359cc224786aca4b5891a030265865cd
SSDEEP

1536:piCTdIPXEYXLLDovZvcBCAAWay8dv1W/yr:4C5ZyLoWBCVdv1W

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 820	1128	rundll32.exe	27
PID 1128 wrote to memory of 820	1128	rundll32.exe	27
PID 1128 wrote to memory of 820	1128	rundll32.exe	27
PID 1128 wrote to memory of 820	1128	rundll32.exe	27
PID 1128 wrote to memory of 820	1128	rundll32.exe	27
PID 1128 wrote to memory of 820	1128	rundll32.exe	27
PID 1128 wrote to memory of 820	1128	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba.dll,#1
  2⤵
  PID:820

memory/820-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download
memory/820-56-0x00000000000F0000-0x000000000010D000-memory.dmp

Filesize
116KB

Download
memory/820-57-0x00000000000F0000-0x000000000010D000-memory.dmp

Filesize
116KB

Download
memory/820-58-0x00000000000F0000-0x000000000010D000-memory.dmp

Filesize
116KB

Download
memory/820-59-0x00000000000F0000-0x00000000000F6000-memory.dmp

Filesize
24KB

Download