a49f2d53a67bcdca738a2d9fb0398d5a4d7296d2a0dacd282ba6473ba3222bef

Analysis

max time kernel
82s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 04:44

Target

a49f2d53a67bcdca738a2d9fb0398d5a4d7296d2a0dacd282ba6473ba3222bef.dll
Size

5KB
MD5

4eb689e8ff18d2c48b558ea920e41690
SHA1

dfbd548e9e22206cf42da63190e6dc1cb0ad2cf1
SHA256

a49f2d53a67bcdca738a2d9fb0398d5a4d7296d2a0dacd282ba6473ba3222bef
SHA512

8177c9dc8cf4ea3320561f8d1b37596da4a0f35b3d700ee5372198a76fd2ca8a7b42e8a02c1cd6959f3066bb058fb81664a4590aab480b033069b7c2480a52fe
SSDEEP

48:Ss0wYjRDmah965/icI7Tp3srHbezbKsrp4WyOacD8daZyGTE6suJTee8PK0iGt5l:z0B96BLIzE7cD7ZyAEBe8CDKtDP0LLR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28
PID 316 wrote to memory of 296	316	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a49f2d53a67bcdca738a2d9fb0398d5a4d7296d2a0dacd282ba6473ba3222bef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a49f2d53a67bcdca738a2d9fb0398d5a4d7296d2a0dacd282ba6473ba3222bef.dll,#1
  2⤵
  PID:296

memory/296-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download