45cee2f51f7d42bc037aa44ea7ba13e5f0b6db29b5a9cbfb4c7f12015e0a6549

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 21:55

Target

45cee2f51f7d42bc037aa44ea7ba13e5f0b6db29b5a9cbfb4c7f12015e0a6549.dll
Size

28KB
MD5

00407b2eb55bb9a49b4184a139c44f00
SHA1

8aec8168c74280f4e7669280d1c209b180ca5baf
SHA256

45cee2f51f7d42bc037aa44ea7ba13e5f0b6db29b5a9cbfb4c7f12015e0a6549
SHA512

a6ecedd7e6144ce93a69c56b05442f8b814268b215e22dafc01cd89a8a05b24ca647a4867b57f4509a1cf57e90ff54b30ae40bc4e779bbfeb65015ef2f3cc696
SSDEEP

96:wg1+l2n11FhplC7N7lM1yljOB9ErQAQY:85rQAQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16
PID 1488 wrote to memory of 1604	1488	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45cee2f51f7d42bc037aa44ea7ba13e5f0b6db29b5a9cbfb4c7f12015e0a6549.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45cee2f51f7d42bc037aa44ea7ba13e5f0b6db29b5a9cbfb4c7f12015e0a6549.dll,#1
  2⤵
  PID:1604

memory/1604-55-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download