8c5bc965167e795bcf8175c27a7271ecac7c4e774dde83d5e52a22b1b3df2462

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:44

Target

8c5bc965167e795bcf8175c27a7271ecac7c4e774dde83d5e52a22b1b3df2462.dll
Size

44KB
MD5

5bb46ec8bb43e8b0379680455d9a69f0
SHA1

c2ba128619dd9a82230bcdcc42be0ca43dd881f9
SHA256

8c5bc965167e795bcf8175c27a7271ecac7c4e774dde83d5e52a22b1b3df2462
SHA512

d91289a66052d0f08f7aeb76afd78ee2693cae4aab6c01616aa957030410ec246a33c9a569a13e07f0d9f00210c4a799f546c09f6f8a9328edfce7593b2c3087
SSDEEP

768:cHqXmjx5zyJOUKEaTJTUQdbHHig9g7nx7Y1AIs0jZFEo9GHq:j2jx5zyKEaTJTUkbiKw9Y1AI5tyoUH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27
PID 944 wrote to memory of 1892	944	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c5bc965167e795bcf8175c27a7271ecac7c4e774dde83d5e52a22b1b3df2462.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c5bc965167e795bcf8175c27a7271ecac7c4e774dde83d5e52a22b1b3df2462.dll,#1
  2⤵
  PID:1892

memory/1892-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download