320fba78ab78d2cafa7f20bbf7eecd920c4fe0baa23b19586e903e885a162c51

Analysis

max time kernel
31s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 04:50

Target

320fba78ab78d2cafa7f20bbf7eecd920c4fe0baa23b19586e903e885a162c51.dll
Size

65KB
MD5

0fdbb76b2af29be6e051037a83c97460
SHA1

46a6739640e7bf884cf0e73d293858a131e10220
SHA256

320fba78ab78d2cafa7f20bbf7eecd920c4fe0baa23b19586e903e885a162c51
SHA512

e949d49973391fa2d123ffdbb567f9774819514021253b5304e59d3c71d2555d92e92a7f8008c2fc29c21b769c6de4b868391fa0c31f2377901645c2779ce13f
SSDEEP

1536:C3lut2L47vQkODCES8wFmasu6pqd5O7+vuQhwo:oluSeQkODCEDWm+urfYx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27
PID 904 wrote to memory of 1456	904	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\320fba78ab78d2cafa7f20bbf7eecd920c4fe0baa23b19586e903e885a162c51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\320fba78ab78d2cafa7f20bbf7eecd920c4fe0baa23b19586e903e885a162c51.dll,#1
  2⤵
  PID:1456

memory/1456-55-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download