d935f56971ab569b80d56f686e5c2b8d72b3e058893369a05fa2a9cc598fbb45

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 00:51

Target

d935f56971ab569b80d56f686e5c2b8d72b3e058893369a05fa2a9cc598fbb45.dll
Size

67KB
MD5

2a2f08824d8ad882e09e1f77a1060e74
SHA1

f2d4c53ac2885e4994a8ab8969ccb508a824f7f4
SHA256

d935f56971ab569b80d56f686e5c2b8d72b3e058893369a05fa2a9cc598fbb45
SHA512

5cd57d75c769b1ef8be1def7dd7793c9d93c1f2f0cc422b63d42c86ec2f4b01e46ba78d4b79883405d02268f01c24f99e0da7c6b05032487af08d92c2e3e8365
SSDEEP

1536:7nrxDussGn4AAejPC7Mp/c+HJgKKWz3p/wBBws:D6tV0pk+pg6t/EKs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d935f56971ab569b80d56f686e5c2b8d72b3e058893369a05fa2a9cc598fbb45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d935f56971ab569b80d56f686e5c2b8d72b3e058893369a05fa2a9cc598fbb45.dll,#1
  2⤵
  PID:1744

memory/1744-55-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download