156af52d7317f00171dea817adcbf79a9fa0e6e341070c1aea5fdb98d342197e

Analysis

max time kernel
18s
max time network
74s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 06:42

Target

156af52d7317f00171dea817adcbf79a9fa0e6e341070c1aea5fdb98d342197e.dll
Size

48KB
MD5

a3e89f9c6cd3b4a938a98a336de30e8c
SHA1

b978b3b52f8a1b3c88b5c98b74fbe84351801808
SHA256

156af52d7317f00171dea817adcbf79a9fa0e6e341070c1aea5fdb98d342197e
SHA512

8870a59f8233f5c106dc1f90fd0e62a56bfbb222f8ed58f50da148d89dc40d3b53a6ec1172652fc51314061570ee8f3916811794230870cbe5705220d5deb26d
SSDEEP

768:54L9d3fQAzWPKOBHiPKVcc2TFxZPDnoX9tkACMmMAhs:GLvfAK6rOzZLnoHklM1gs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28
PID 1500 wrote to memory of 1128	1500	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\156af52d7317f00171dea817adcbf79a9fa0e6e341070c1aea5fdb98d342197e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\156af52d7317f00171dea817adcbf79a9fa0e6e341070c1aea5fdb98d342197e.dll,#1
  2⤵
  PID:1128

memory/1128-54-0x0000000000000000-mapping.dmp

Download
memory/1128-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download