794cd67015a6d06cb13382cd701b04012c5c9086ea1ee6db998ed969d69c50ed

Analysis

max time kernel
12s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 00:54 UTC

Target

794cd67015a6d06cb13382cd701b04012c5c9086ea1ee6db998ed969d69c50ed.dll
Size

67KB
MD5

344d9f2b170163667e1e1f9ab44adf3c
SHA1

f9a7642e344ffd9b5610efd9455b1e7f8826fc0b
SHA256

794cd67015a6d06cb13382cd701b04012c5c9086ea1ee6db998ed969d69c50ed
SHA512

e6d457a48ef6b86c801f6eed6abf84060c43c54fbb01e4457678949eda3401b907be60fd13dd93fc4a1d7f3526851cb603d733b32b61924b82d00c42f658d6da
SSDEEP

1536:7nrxDussGn4AAejPC7Mp/c+HJgKKWz3p/wBBwj:D6tV0pk+pg6t/EKj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\794cd67015a6d06cb13382cd701b04012c5c9086ea1ee6db998ed969d69c50ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\794cd67015a6d06cb13382cd701b04012c5c9086ea1ee6db998ed969d69c50ed.dll,#1
  2⤵
  PID:2016

memory/2016-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download