5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 19:55

Target

5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2.dll
Size

164KB
MD5

87bd8c5f9da3c3fe4b58a9528280f595
SHA1

ddd6cf8bb2f06892a28ddf478e1f887a095acf77
SHA256

5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2
SHA512

ab2f66ddb808deb37111345a4ac742aefc850aaac90b2e961e7269dd1b6e3600cc1b7f0f8837d3cb04bd3dbaf1d63efc15fae11ecf2eb92bac94a58595922804
SSDEEP

3072:Gev4JC9CzfHkxfM3gXfRmo3FMlcBDIPoY:rv8zfC03tgcA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2.dll,#1
  2⤵
  PID:1976

memory/1976-55-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download