b5266869d2f9b4078b5ba032223c03889c2adb27ef825b6db2383bf07c14892a

Analysis

max time kernel
78s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 06:20

Target

b5266869d2f9b4078b5ba032223c03889c2adb27ef825b6db2383bf07c14892a.dll
Size

124KB
MD5

44f7b9023a128a64e7b818aef6d867aa
SHA1

1440576fc472b8605b3f99dca9f4b16b44840258
SHA256

b5266869d2f9b4078b5ba032223c03889c2adb27ef825b6db2383bf07c14892a
SHA512

9fa48be63a321a983c6b7cd62e6073442359b56a1a39ac4518521f79cef22e39fa64b02680cfd9ecd64ca21028fb634d77e92efa2cbecce07133a96343d30596
SSDEEP

3072:W3usageN50zW1WJzV87RtTyW4oFug6QUP:22d77b7P6Q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1524	1164	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5266869d2f9b4078b5ba032223c03889c2adb27ef825b6db2383bf07c14892a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5266869d2f9b4078b5ba032223c03889c2adb27ef825b6db2383bf07c14892a.dll,#1
  2⤵
  PID:1524

memory/1524-54-0x0000000000000000-mapping.dmp

Download
memory/1524-55-0x0000000076931000-0x0000000076933000-memory.dmp

Filesize
8KB

Download