546a3d64dd57ed39f137966c67bac4cf1c28b5a8689a0881eec9b32c3941c4c5

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 07:57

Target

546a3d64dd57ed39f137966c67bac4cf1c28b5a8689a0881eec9b32c3941c4c5.dll
Size

511KB
MD5

7d72497589cd35170132c43f936b2cd0
SHA1

79641d8ae423a599c46586bd89cba48ce339047f
SHA256

546a3d64dd57ed39f137966c67bac4cf1c28b5a8689a0881eec9b32c3941c4c5
SHA512

9ffb45621405e0dd5b1be58ccfc3e6fc44b4ffcf852ec89b35dc84fce81248bddf0109edc8b4d4b4e16b120a013d9ced4f3ea10b0bae0eda225d244dc11e2a2e
SSDEEP

12288:dhnAy6dl12gWLOoS4aiSjGY84OVA4p/LDDXJJ8LadER3:zh6H12gaHSjL84OO4VLDD5jS3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\546a3d64dd57ed39f137966c67bac4cf1c28b5a8689a0881eec9b32c3941c4c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\546a3d64dd57ed39f137966c67bac4cf1c28b5a8689a0881eec9b32c3941c4c5.dll,#1
  2⤵
  PID:1980

memory/1980-55-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download
memory/1980-56-0x0000000074D40000-0x0000000074DF0000-memory.dmp

Filesize
704KB

Download