5bac590647f6eff0986f05d5f94d13107b067336459b3cea168d01fc1e1f5083

Analysis

max time kernel
45s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:00

Target

5bac590647f6eff0986f05d5f94d13107b067336459b3cea168d01fc1e1f5083.dll
Size

142KB
MD5

367b5babedb1a73f0d628a59fe33a621
SHA1

0fd0654d6c17de705666a80c791f85d254628dd2
SHA256

5bac590647f6eff0986f05d5f94d13107b067336459b3cea168d01fc1e1f5083
SHA512

704244c86a9b77ea3ed95aeac86df75ced207b5186d9d9f4c117319869e0ee768a608fb5cc9846a9b665cafda379a56854936a38394678b98a56ccb4999ac2b8
SSDEEP

1536:6Rw9k6k1FrHc5ToQCc2Ljvy9LZcQvrn9K3PXtmjQLeZGWoEe:/cHr8Zzkjq9LZFvjs3PXtmGWve

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bac590647f6eff0986f05d5f94d13107b067336459b3cea168d01fc1e1f5083.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bac590647f6eff0986f05d5f94d13107b067336459b3cea168d01fc1e1f5083.dll,#1
  2⤵
  PID:1988

memory/1988-54-0x0000000000000000-mapping.dmp

Download
memory/1988-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download