92e5f4729d2dc8973bb44a049a8881c44125fd9672f6b9646074c249201a9671

Analysis

max time kernel
24s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:44

Target

92e5f4729d2dc8973bb44a049a8881c44125fd9672f6b9646074c249201a9671.dll
Size

6KB
MD5

3fd150f001eb6e5ac1ffea32fd9164a1
SHA1

ba15589dc88079883de8ea9b63fe9c06e9b7ced8
SHA256

92e5f4729d2dc8973bb44a049a8881c44125fd9672f6b9646074c249201a9671
SHA512

eff00af4b1ff08c75c9615b0ee4a3cca23360c799e51ca87bd43bd9511c4e21b0bdf2a46705bb28730b50411c48a6a2d23a86f86889908ce06b9c77c8a5b3305
SSDEEP

96:z0QR9B6BvAwbVdwlX7KTvpBydSHanw9mGHCPtb1oc:JR94/bVdWoynw9mfVbH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1560	904	rundll32.exe	27
PID 904 wrote to memory of 1560	904	rundll32.exe	27
PID 904 wrote to memory of 1560	904	rundll32.exe	27
PID 904 wrote to memory of 1560	904	rundll32.exe	27
PID 904 wrote to memory of 1560	904	rundll32.exe	27
PID 904 wrote to memory of 1560	904	rundll32.exe	27
PID 904 wrote to memory of 1560	904	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92e5f4729d2dc8973bb44a049a8881c44125fd9672f6b9646074c249201a9671.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92e5f4729d2dc8973bb44a049a8881c44125fd9672f6b9646074c249201a9671.dll,#1
  2⤵
  PID:1560

memory/1560-54-0x0000000000000000-mapping.dmp

Download
memory/1560-55-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download