521b6e41632bea8b6a1bf19ab1652c860c76ebe5bcbea3c9057ba872893471f1

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 06:23

Target

521b6e41632bea8b6a1bf19ab1652c860c76ebe5bcbea3c9057ba872893471f1.dll
Size

173KB
MD5

a6139f87a4720d9b220e89be8e098314
SHA1

cc2f35a33a13a43f3b643e8420c3e93fbe53bf47
SHA256

521b6e41632bea8b6a1bf19ab1652c860c76ebe5bcbea3c9057ba872893471f1
SHA512

8f2e30210d14679fdd76f4aa15d4425b8f6442b8f0fed14dff1ec7fc43b8fc87fa79415348f0ff480333499ffb862b07008ad36f6ff669443ffb80da76e09c4f
SSDEEP

3072:ZUITPcBOBphvMg97P7kt+qPNLXgvpqbnPaaHI4N4maUNK3C9vQNvHw:qITPyqug9Xq+qPn/HI4N4mH5Q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\521b6e41632bea8b6a1bf19ab1652c860c76ebe5bcbea3c9057ba872893471f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\521b6e41632bea8b6a1bf19ab1652c860c76ebe5bcbea3c9057ba872893471f1.dll,#1
  2⤵
  PID:1964

memory/1964-55-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download