52131c0e08121cb27e44a53ce640620b8c9948488494a69e4eeb981ba9b40e24

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 03:47

Target

52131c0e08121cb27e44a53ce640620b8c9948488494a69e4eeb981ba9b40e24.dll
Size

81KB
MD5

2275a944ff660b2f40c9d3f4fa2e9bf0
SHA1

d86c87655989f56ee97245e3ffd010ebee107cc2
SHA256

52131c0e08121cb27e44a53ce640620b8c9948488494a69e4eeb981ba9b40e24
SHA512

517c1fc91fd86b25af26b6ec98bca28a1b387ea656eaa16a5a6c2ed9eeae197d4c2616c634def13896a974c21a61a10f20158f210b3327507277df506c779f64
SSDEEP

1536:5jRmOkiCAVr03qDIsiP+CP/z6HwLB6gpPB6Z131sSVfNp16z:xfkiXwqDJiW0Wfg/EtLp16z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27
PID 1408 wrote to memory of 1456	1408	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52131c0e08121cb27e44a53ce640620b8c9948488494a69e4eeb981ba9b40e24.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52131c0e08121cb27e44a53ce640620b8c9948488494a69e4eeb981ba9b40e24.dll,#1
  2⤵
  PID:1456

memory/1456-54-0x0000000000000000-mapping.dmp

Download
memory/1456-55-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download