488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9

Analysis

max time kernel
29s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 04:38

Target

488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9.dll
Size

37KB
MD5

92e9cde91e4d9657d66bae48f7ffd1ce
SHA1

6611a06022e5b5665bc5a43b5c68b5417b91ef67
SHA256

488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9
SHA512

c4e04f4eb12254f38cfcb4656597e93b5e7419f2c6a3b49f0abd65b6f2c7325a074c01aeb7c2b5c06ad9aa88a7dffe9019a659d05ac2060cdb01dc8ad107e7a8
SSDEEP

768:ItoC8iTBGo571TseLK97sXBj2rB8oZ7u4Uy:YqiTBG8pAP7ICqo9NUy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9.dll,#1
  2⤵
  PID:788

memory/788-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download