49907226c5ebe7941e883bc7e4f6f74fa9f272e3dd9730d660cebe41543bd9fc

Analysis

max time kernel
236s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:10

Target

49907226c5ebe7941e883bc7e4f6f74fa9f272e3dd9730d660cebe41543bd9fc.dll
Size

10KB
MD5

2d21e6446908fa2fde90b25951abb1ea
SHA1

a828fdddd2c327d27377c964b7c84b61bd128faf
SHA256

49907226c5ebe7941e883bc7e4f6f74fa9f272e3dd9730d660cebe41543bd9fc
SHA512

0688843e51f447ea5f96e1c9d0c0af4344b7de3120d91fa4d09c8d6e415d033976509c54d844ddaa95fae58f8af12af179068c73c5bc0eaff1bd13da2c068354
SSDEEP

192:41mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o92b:48jhdHad/z20IyFWakC84dWaWak8cdWj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe
PID 560 wrote to memory of 520	560	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49907226c5ebe7941e883bc7e4f6f74fa9f272e3dd9730d660cebe41543bd9fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:560

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49907226c5ebe7941e883bc7e4f6f74fa9f272e3dd9730d660cebe41543bd9fc.dll,#1
2⤵
PID:520

memory/520-54-0x0000000000000000-mapping.dmp

Download
memory/520-55-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download
memory/520-56-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download