4fedff8ac874e71d3dcb8ea4f8419b5ccbbb0e63fbb1edc194249e545607c33d

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 14:33

Target

4fedff8ac874e71d3dcb8ea4f8419b5ccbbb0e63fbb1edc194249e545607c33d.dll
Size

77KB
MD5

0f16e05ccddb34760f87b06d6d454c10
SHA1

ce328dbf3058a8508f2dbef96e6586a5ed0a336a
SHA256

4fedff8ac874e71d3dcb8ea4f8419b5ccbbb0e63fbb1edc194249e545607c33d
SHA512

8323a6c106db80047004a7a381cbc65ecbc308939fd965f2b43b472ec6338281af07c67fb78570872fc715ab6dd4e970ac78a6141495eff7914943f204234869
SSDEEP

1536:cpWmsuL8yN4xoi0AcR73fc8vsWjcdSQuPqM:4WUAJaQSQuCM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fedff8ac874e71d3dcb8ea4f8419b5ccbbb0e63fbb1edc194249e545607c33d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fedff8ac874e71d3dcb8ea4f8419b5ccbbb0e63fbb1edc194249e545607c33d.dll,#1
  2⤵
  PID:820

memory/820-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download