45a05a5131863505877e2a910086ca11ae8619c06ab84c8ba659282aaf67ac13

Analysis

max time kernel
58s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 08:43

Target

45a05a5131863505877e2a910086ca11ae8619c06ab84c8ba659282aaf67ac13.dll
Size

24KB
MD5

1e3afb6ecb9db5666b497ba83eb0c479
SHA1

dc4bcd78ef2c5a1dd86e1224d279e7edcfb66e25
SHA256

45a05a5131863505877e2a910086ca11ae8619c06ab84c8ba659282aaf67ac13
SHA512

a3e374dc313315cb01e116ae8c9cd698d5221366aa4fcf43af1a79f672f4bbae1f2bd6eb37ffaf7049b348a489b005d1d6a9e4790ba4893d6e98b861a5683565
SSDEEP

384:8OsdJOrDxhLSF4/JfFcTJW4W150VsNJLf/ygIloOHEqQCttUHIvwRd5OWOPGA6OP:tdhfIJq0abf2EqQOf4Rd5OWO+A6eRVf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 972	1648	rundll32.exe	28
PID 1648 wrote to memory of 972	1648	rundll32.exe	28
PID 1648 wrote to memory of 972	1648	rundll32.exe	28
PID 1648 wrote to memory of 972	1648	rundll32.exe	28
PID 1648 wrote to memory of 972	1648	rundll32.exe	28
PID 1648 wrote to memory of 972	1648	rundll32.exe	28
PID 1648 wrote to memory of 972	1648	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45a05a5131863505877e2a910086ca11ae8619c06ab84c8ba659282aaf67ac13.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45a05a5131863505877e2a910086ca11ae8619c06ab84c8ba659282aaf67ac13.dll,#1
  2⤵
  PID:972

memory/972-54-0x0000000000000000-mapping.dmp

Download
memory/972-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download