5864eb2d61a040a2a64615fc024654c7f9ff879f7efbde37ce47434435dc51fb

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 09:56

Target

5864eb2d61a040a2a64615fc024654c7f9ff879f7efbde37ce47434435dc51fb.dll
Size

77KB
MD5

3ffa6a7c10d53e258e6f5eb06f6634f0
SHA1

8a28a05608785cbca9610c5ca6f4d1a2928eb5ad
SHA256

5864eb2d61a040a2a64615fc024654c7f9ff879f7efbde37ce47434435dc51fb
SHA512

f03724f3dcb04844c6a1b1f43d47576cc388b83bd4f35f05ae1e14d5ca7c63c8f1784525f7415a1ac7ae8c0004dd56fc4560756e404d1854b96a0c86ae3399ff
SSDEEP

1536:c+WmsuL8yN4xoi0AcR73fc8vsWjcdSsuvqB:3WUAJaQSsuiB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 360 wrote to memory of 1108	360	rundll32.exe	27
PID 360 wrote to memory of 1108	360	rundll32.exe	27
PID 360 wrote to memory of 1108	360	rundll32.exe	27
PID 360 wrote to memory of 1108	360	rundll32.exe	27
PID 360 wrote to memory of 1108	360	rundll32.exe	27
PID 360 wrote to memory of 1108	360	rundll32.exe	27
PID 360 wrote to memory of 1108	360	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5864eb2d61a040a2a64615fc024654c7f9ff879f7efbde37ce47434435dc51fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5864eb2d61a040a2a64615fc024654c7f9ff879f7efbde37ce47434435dc51fb.dll,#1
  2⤵
  PID:1108

memory/1108-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download