46f04accaf96ed5d01afaa83913020f744c3e0aea99ecbbbba45ac5e1635e848

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 04:38

Target

46f04accaf96ed5d01afaa83913020f744c3e0aea99ecbbbba45ac5e1635e848.dll
Size

19KB
MD5

83ac5304fa029988f0f5cd1c738133f0
SHA1

38f6a7218355179185276cff9696ece055da5a08
SHA256

46f04accaf96ed5d01afaa83913020f744c3e0aea99ecbbbba45ac5e1635e848
SHA512

e6cf3371aa6fdb00af64d2cbef705b28475e7cbefa2a04d8862c1a432395b89f356331a2de7caaab025739812b9498da1bc3575a25daac860877574ac7a5c123
SSDEEP

384:ilDsaG4rN9uegBSwRzslZvw9nOcl1M1CnuCWddPYqYEVJcWwDW:iloadJ9UB1ReS9nplICnuC4dABes

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46f04accaf96ed5d01afaa83913020f744c3e0aea99ecbbbba45ac5e1635e848.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46f04accaf96ed5d01afaa83913020f744c3e0aea99ecbbbba45ac5e1635e848.dll,#1
  2⤵
  PID:1536

memory/1536-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1536-56-0x00000000719C1000-0x00000000719C5000-memory.dmp

Filesize
16KB

Download