5afda7c47d9e6e37e37e2ad6881fb0657832f3ab6b8e90d86a8c3f43ec663048

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 20:07

Target

5afda7c47d9e6e37e37e2ad6881fb0657832f3ab6b8e90d86a8c3f43ec663048.dll
Size

100KB
MD5

362067834b5d66a2d9ac69e8b07c49fa
SHA1

6a850452951aafe6cfae814f519ed6ef60c59e29
SHA256

5afda7c47d9e6e37e37e2ad6881fb0657832f3ab6b8e90d86a8c3f43ec663048
SHA512

d8345dc99a75409cea6c6d100e95f4e845984e3d8a1d494b1674c206467e1a8167efb6cd1ea0159bcc41589fd6911132c719da1d721cce5333df44f6430bcf6f
SSDEEP

1536:2moLIIWdNE9jv4LsBgIBX2k/X2y8U42/qRd247rBe6cuiMIkba:f2RWdNEp4Ls20myX2yjdb47FMbkba

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26
PID 2020 wrote to memory of 1472	2020	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afda7c47d9e6e37e37e2ad6881fb0657832f3ab6b8e90d86a8c3f43ec663048.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5afda7c47d9e6e37e37e2ad6881fb0657832f3ab6b8e90d86a8c3f43ec663048.dll,#1
  2⤵
  PID:1472

memory/1472-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download