4d5bd690604d864099db38c024b5fb877cca672fda78adacf41569e219711060

Analysis

max time kernel
7s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 20:04

Target

4d5bd690604d864099db38c024b5fb877cca672fda78adacf41569e219711060.dll
Size

98KB
MD5

846c925dce5d69691d481c20a96d4f45
SHA1

f59f321197032e76929fd5643768f945fd720391
SHA256

4d5bd690604d864099db38c024b5fb877cca672fda78adacf41569e219711060
SHA512

33f784948727551fb34a3410e89305fe0850183471f23e2116a8491e6952251cb28f4f05704aabb383a45a0e5b64e569eb7e6f38f0bf0bc1ac359290280408a2
SSDEEP

1536:pn12GQV2E4XdYwTtYhju94Za9xs0GeU7b:x12t2EOdK0mR0G1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27
PID 1536 wrote to memory of 1728	1536	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d5bd690604d864099db38c024b5fb877cca672fda78adacf41569e219711060.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d5bd690604d864099db38c024b5fb877cca672fda78adacf41569e219711060.dll,#1
  2⤵
  PID:1728

memory/1728-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download