049c89a5959ee30abfa3a9d01e762ddb5fc97c67b6d7eb755c6d32f07f94850f

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 10:45

Target

049c89a5959ee30abfa3a9d01e762ddb5fc97c67b6d7eb755c6d32f07f94850f.dll
Size

4KB
MD5

a02a23cb0ee5e38c204c02831c9e9880
SHA1

2f5a70f03c7b0d111bc2a797fe2488096a14627b
SHA256

049c89a5959ee30abfa3a9d01e762ddb5fc97c67b6d7eb755c6d32f07f94850f
SHA512

bd819c567ef0108799944c530937dba0d5f4aee62f735fb7e0cf972314c83b0c48f4f33f61eb36dc3f2d6108694aec31274c661e3e05a86ea45f148e3e22e66a
SSDEEP

48:a5zjMTGcITBVQVE1lcjXxxexRS652M181ko5IEPb2:iT3Qu8jBxejS6tbo5tPi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26
PID 2036 wrote to memory of 544	2036	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\049c89a5959ee30abfa3a9d01e762ddb5fc97c67b6d7eb755c6d32f07f94850f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\049c89a5959ee30abfa3a9d01e762ddb5fc97c67b6d7eb755c6d32f07f94850f.dll,#1
  2⤵
  PID:544

memory/544-55-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download