54861a6c8d9358f45076586249cca2db99e55912c11560164ce46b9744299133

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 05:14

Target

54861a6c8d9358f45076586249cca2db99e55912c11560164ce46b9744299133.dll
Size

68KB
MD5

08e319f08f5d636dc35e539ae3fbb020
SHA1

703c5806b48ee7d6d080ebfe30dbc74b14d29e16
SHA256

54861a6c8d9358f45076586249cca2db99e55912c11560164ce46b9744299133
SHA512

1ce456cfeecf05a8fbfea8df8ca7e13ef582458769514b3dd11306a296248b6ca9bfc83084bcb65f4c5c303a92eaef6712071d51f4046577acd0e8f456da48c6
SSDEEP

1536:Bkvf2ibJ8xoN9JwnGgkoFe8S/U8QC0EYbig4Qz9f9:BkW0JPdwnFZMh/UlE+rz9l

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27
PID 1768 wrote to memory of 1284	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54861a6c8d9358f45076586249cca2db99e55912c11560164ce46b9744299133.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54861a6c8d9358f45076586249cca2db99e55912c11560164ce46b9744299133.dll,#1
  2⤵
  PID:1284

memory/1284-54-0x0000000000000000-mapping.dmp

Download
memory/1284-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1284-56-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download
memory/1284-57-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download
memory/1284-58-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download