5aa82a921712932254b1185a86902a5ef8f2f18b66c8cdf18639bc64aaefdf30

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 01:19

Target

5aa82a921712932254b1185a86902a5ef8f2f18b66c8cdf18639bc64aaefdf30.dll
Size

174KB
MD5

5a55b65cdf9c32c465095dd800e78740
SHA1

7149900bcbcd125a6b8b49724123bd8f16e5eceb
SHA256

5aa82a921712932254b1185a86902a5ef8f2f18b66c8cdf18639bc64aaefdf30
SHA512

d582682b7d42fd01eeae90e8cfc3f8391cf375bd2fa493a50a826e53bb8b99e381dba32b6f682335f228eeabb8892489f886e9ff94fc72387cb6311103fee3f5
SSDEEP

3072:j78OFi+JlbAOHmhVjDvAbKp+Lr23Kk1Vk0N30wQi:j7vJjHkZAbkv7kfwQi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 2004	316	rundll32.exe	27
PID 316 wrote to memory of 2004	316	rundll32.exe	27
PID 316 wrote to memory of 2004	316	rundll32.exe	27
PID 316 wrote to memory of 2004	316	rundll32.exe	27
PID 316 wrote to memory of 2004	316	rundll32.exe	27
PID 316 wrote to memory of 2004	316	rundll32.exe	27
PID 316 wrote to memory of 2004	316	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa82a921712932254b1185a86902a5ef8f2f18b66c8cdf18639bc64aaefdf30.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa82a921712932254b1185a86902a5ef8f2f18b66c8cdf18639bc64aaefdf30.dll,#1
  2⤵
  PID:2004

memory/2004-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download