58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 20:15

Target

58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll
Size

152KB
MD5

a04c938a3bf7b649f6120b7b9d7893b5
SHA1

99b7fbcf2ec02ce1c2a5d94c05f359efd974588c
SHA256

58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55
SHA512

82d6663db00addb5789b93b8e0b70a61445b77d8924c0068c0660960fac89c83a92cc97ff079b081ae8c1cba22beab31e6b8dc56c5f6a72c013de0232d845b7f
SSDEEP

1536:KgI9IJkuvfZ/AuwBV/ixMSxzylHb/ZNoB4seHUvPJJw/bKSpYJ3XOOoSH/B:T6yxvfGBV/nVNseHiPDwDCToSH/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll,#1
  2⤵
  PID:548

memory/548-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/548-56-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download