5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43

Analysis

max time kernel
30s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 00:04

Target

5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43.dll
Size

948KB
MD5

0c55b586059ea7c208413bbba7444090
SHA1

5422c90edb8e0d81cf9b275b63aa3e88170d988c
SHA256

5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43
SHA512

42343bb9327d9588cccc1c3bcc4a51d64e7c3e20647481cb12721aa2e5064bf8e9e7424c3e3dd4d6f5407ecc2e809aa4ee4117682e6d85b980655e40b4fee6fb
SSDEEP

24576:NrO0rAD0cfsgxKq8jQs4h5G/BGinTgyf:J3uJEV0nv+BGAV

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\Drivers\etc\hosts	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27
PID 1980 wrote to memory of 1992	1980	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43.dll,#1
  2⤵
  - Drops file in Drivers directory
  PID:1992

memory/1992-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download