5ca7ccd312871a20cc5a35e3b115266fe8a9ceb3470844597d73a0ed8013c2b7

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:14

Target

5ca7ccd312871a20cc5a35e3b115266fe8a9ceb3470844597d73a0ed8013c2b7.dll
Size

489KB
MD5

a6efe263acc794a212647a96e52ddf1f
SHA1

d6970b0cb217a87f22bccecbfd7090ca2e9966ee
SHA256

5ca7ccd312871a20cc5a35e3b115266fe8a9ceb3470844597d73a0ed8013c2b7
SHA512

c905dd103432e6c5434f8ace865a81a9af390e2da27ef5410bd8db1e46fcae36015794e7ea4104295bfc01462e65f793f59ed086dedbba4409ac927389a6d508
SSDEEP

6144:Yq88D/aNTZP26JnCJVYa9aqtlUSigxtgrabTUsajM:lFap19Ta9tUhst/0pjM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 2012	1680	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ca7ccd312871a20cc5a35e3b115266fe8a9ceb3470844597d73a0ed8013c2b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ca7ccd312871a20cc5a35e3b115266fe8a9ceb3470844597d73a0ed8013c2b7.dll,#1
2⤵
PID:2012

memory/2012-54-0x0000000000000000-mapping.dmp

Download
memory/2012-55-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download