50acbf7adfba548ea1749eb7e306935c154ee5fedca341f23e62045b680615b9

Analysis

max time kernel
42s
max time network
65s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 05:02

Target

50acbf7adfba548ea1749eb7e306935c154ee5fedca341f23e62045b680615b9.dll
Size

62KB
MD5

08615ac6b866b199319ee3d75402fc90
SHA1

222488f93ebdad5c843c1610a7b8711468133b8c
SHA256

50acbf7adfba548ea1749eb7e306935c154ee5fedca341f23e62045b680615b9
SHA512

fc4f8503fa7642201595888969fff5c791efe01db270d62ba95502ce53134ffb29881370f540c3c1ac87d36ff662bb9812c2c7bd176876d039b43e71c9b8f8b7
SSDEEP

1536:EGxOhVtAl+qi5gn4Tmpt9wgbgIv8x9OdjF3i3eK:EG4tHqgE4TIwwld53i3L

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28
PID 1076 wrote to memory of 1008	1076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50acbf7adfba548ea1749eb7e306935c154ee5fedca341f23e62045b680615b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50acbf7adfba548ea1749eb7e306935c154ee5fedca341f23e62045b680615b9.dll,#1
  2⤵
  PID:1008

memory/1008-54-0x0000000000000000-mapping.dmp

Download
memory/1008-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download