c5178cd1bb5c096f9fd9bf755523966cce692becaa9a4ed7f6ba95eaf5b1005a

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 20:12

Target

c5178cd1bb5c096f9fd9bf755523966cce692becaa9a4ed7f6ba95eaf5b1005a.dll
Size

86KB
MD5

5399947535b2552c35acaad63c007e3f
SHA1

9fdb784121e276e4017bb056ceb1b422fbbcf7d5
SHA256

c5178cd1bb5c096f9fd9bf755523966cce692becaa9a4ed7f6ba95eaf5b1005a
SHA512

8feaa15cefc0014c1307b56cc0f71183ed60c29256fb881a95b0da99de7a599d039ed5192f31c0bc9eedf53d57d7aa1b16cad6dfd5513f54dc78e1f67a461336
SSDEEP

1536:meGhUZS2qCbTzxGQ1vMpaDXRPlw1tBZ75qTufkmxxorqmYyJxBbGV1hkg:/YUoCbTzZUpaDXRPlwD/5qtmxxorqmYP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26
PID 1416 wrote to memory of 1292	1416	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5178cd1bb5c096f9fd9bf755523966cce692becaa9a4ed7f6ba95eaf5b1005a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5178cd1bb5c096f9fd9bf755523966cce692becaa9a4ed7f6ba95eaf5b1005a.dll,#1
  2⤵
  PID:1292

memory/1292-55-0x0000000075E81000-0x0000000075E83000-memory.dmp

Filesize
8KB

Download
memory/1292-56-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1292-57-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download