4990c1e64be8c483a12f930a8f8a05601f5c4296582f4d501ef6a8a73d140a17

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 05:00

Target

4990c1e64be8c483a12f930a8f8a05601f5c4296582f4d501ef6a8a73d140a17.dll
Size

53KB
MD5

05f558c4c68c46bdb643394630958d9d
SHA1

c4e1cb6a87d35afad9fc892bcff7ce3486c385ad
SHA256

4990c1e64be8c483a12f930a8f8a05601f5c4296582f4d501ef6a8a73d140a17
SHA512

7fa6a17129a8b7698e7770b1e12195d177c18257b4fc6e8d3cebd3efbedd9609d7ee24c2175f67181db76f7d0147a4a6c44f8309a68b926771c7d1bde5e622d3
SSDEEP

1536:4xFcH1W3/Zg+MqfnXPhetFl3ZKDZtIbAwWiOW:YQWPKxYPAtFrqIMwWiOW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27
PID 304 wrote to memory of 1144	304	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4990c1e64be8c483a12f930a8f8a05601f5c4296582f4d501ef6a8a73d140a17.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4990c1e64be8c483a12f930a8f8a05601f5c4296582f4d501ef6a8a73d140a17.dll,#1
  2⤵
  PID:1144

memory/1144-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download