5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77

Analysis

max time kernel
36s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 02:34

Target

5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77.dll
Size

28KB
MD5

09f796df9c7a35002309053801c464e0
SHA1

8be9a5684ba9e8636b7046f52433e3c8637127e2
SHA256

5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77
SHA512

758382b9bac0f7707bb111ef1b6e069202a540cf471ce6bffea006f78c22db7f1bb84934b6137693265242643b117b0bbfd06c031a8cbe63b33bf1b82e2c92aa
SSDEEP

384:uiW2/S8CHPw7Im5ajszMY/7mjA3/OpUP/lfe:wb8IO/u6/O+P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2008	928	rundll32.exe	27
PID 928 wrote to memory of 2008	928	rundll32.exe	27
PID 928 wrote to memory of 2008	928	rundll32.exe	27
PID 928 wrote to memory of 2008	928	rundll32.exe	27
PID 928 wrote to memory of 2008	928	rundll32.exe	27
PID 928 wrote to memory of 2008	928	rundll32.exe	27
PID 928 wrote to memory of 2008	928	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77.dll,#1
  2⤵
  PID:2008

memory/2008-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download