99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f

Analysis

max time kernel
24s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 19:59

Target

99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll
Size

50KB
MD5

1841773d77d29668a41aea188a9b5071
SHA1

248b02383527a2fa71f1f4bc1cea5d7d605417b9
SHA256

99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f
SHA512

ffa4ffe833a8c475aa9061cfe8652a3f610cf989abe8558681a88885e75889838621c54458aad687c73e203a75de95c4bf5a76d6fb5ce22d251897ead151fdae
SSDEEP

768:9KLzd9toIO7vtW3ZOeomXVWCiDuk9vcbYlT34FhekoATlrAuFGaZfCrcu:KbtoIYeOuy9vcbOOohoAu8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 928	556	rundll32.exe	28
PID 556 wrote to memory of 928	556	rundll32.exe	28
PID 556 wrote to memory of 928	556	rundll32.exe	28
PID 556 wrote to memory of 928	556	rundll32.exe	28
PID 556 wrote to memory of 928	556	rundll32.exe	28
PID 556 wrote to memory of 928	556	rundll32.exe	28
PID 556 wrote to memory of 928	556	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll,#1
  2⤵
  PID:928

memory/928-55-0x0000000075F61000-0x0000000075F63000-memory.dmp

Filesize
8KB

Download