5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 20:12

Target

5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b.dll
Size

62KB
MD5

a38594046a350c8e428e6b1b675006a2
SHA1

574df9f28ee135523e5dbab737feb1d7e55db0ac
SHA256

5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b
SHA512

0b7e75ae54441b77d6c07e1442a9012c0315c61067e6550ef80c9c0585cefaf62d5ae5805e6d8fe1f1a772a8d1a83dd8d43c1e9a7a61cab6b5acaa692737a846
SSDEEP

1536:/7MYloVC9UD1T7t/nmZdo52FOm9C0JXlpV1u:A44C9Gpxyh9C05D7u

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26
PID 1376 wrote to memory of 840	1376	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aa5e8a203d817b21f088c922bbb8d089768e248f6f71d2a7e1c221578a5561b.dll,#1
  2⤵
  PID:840

memory/840-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/840-56-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download
memory/840-57-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download
memory/840-58-0x0000000010000000-0x0000000010683000-memory.dmp

Filesize
6.5MB

Download