53a7a7f474ea8149a0d153efede55c568d9587d68ad141194cc74ba401eb3d1e

Analysis

max time kernel
69s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 19:35

Target

SecuriteInfo.com.Generic.ML.PUA.6501.21729.dll
Size

82KB
MD5

d7a0f275f8fc6eb57af9ef016d5c1397
SHA1

3b6f287ceb2f50f8c4591b8eb5e0a00c84470849
SHA256

53a7a7f474ea8149a0d153efede55c568d9587d68ad141194cc74ba401eb3d1e
SHA512

0d424cfba3ddde03afe2ca84a513cecb4c3c5c7314bb2c9165ea950e8f293d07d19a863d48ecb8351fa2178713e06ae4a191509933d204c4a28431837c391a51
SSDEEP

1536:3vPhBV1Ls2mfabERhZ+o1dGWKGzi6/lC+06iUUbsvuDCBVUH5ur:3vJBV1Ls2mfamv+o1dGWKGZt8dbsCCrv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe
PID 1756 wrote to memory of 1984	1756	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.ML.PUA.6501.21729.dll,#1
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.ML.PUA.6501.21729.dll,#1
PID:1984

memory/1984-54-0x0000000000000000-mapping.dmp

Download
memory/1984-55-0x00000000763A1000-0x00000000763A3000-memory.dmp

Filesize
8KB

Download