5ff09d54ba1caed92b80f9933ce5daef4b9951ebdc380f73f031f1f2929df7d7

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24/11/2022, 04:34

Target

5ff09d54ba1caed92b80f9933ce5daef4b9951ebdc380f73f031f1f2929df7d7.dll
Size

1.7MB
MD5

705cb0dcdb5f2a5ab1d4e747cbc440ad
SHA1

1570441ec9c5a98b936db598e18b249aa7c9209b
SHA256

5ff09d54ba1caed92b80f9933ce5daef4b9951ebdc380f73f031f1f2929df7d7
SHA512

cc028333f5c7fb996133b82fa70bc7c2c0b54095d764e6dea540ff72bc5c79a658ed4fdb7f18387bca418aaef2f6d22049d8595300f433c4f7633eae676a8f40
SSDEEP

49152:KV/52FlrHRc40cM3J8bgdNPp5nrT/c/E/qu:9rHRcb+gvPn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff09d54ba1caed92b80f9933ce5daef4b9951ebdc380f73f031f1f2929df7d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff09d54ba1caed92b80f9933ce5daef4b9951ebdc380f73f031f1f2929df7d7.dll,#1
  2⤵
  PID:1488

memory/1488-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download