4caf4be5dd338565d1488a392952331d06736701103b074c9f9a45153af64a22

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 09:14

Target

4caf4be5dd338565d1488a392952331d06736701103b074c9f9a45153af64a22.dll
Size

108KB
MD5

1b15688be7cc94eacd5bfd063b1a3190
SHA1

366ded3e79ef4b18bb4bbd2437f5ca972bbc55fc
SHA256

4caf4be5dd338565d1488a392952331d06736701103b074c9f9a45153af64a22
SHA512

b5244944869733535c873eb81bb2d5ef859fa3658ceafd7d4c0eb41cbbf978e5531780c73da02574a05c4d9f34cfddfa69a146737f6cdee28957b831908f9f91
SSDEEP

1536:EK/MFocGogybG+60Q+uEEpBl2+Q1BvEnSpEqN2PpdGixX3jHFl6lN05m:EUKocH6MQ+uZ0R15//arZpl6lNcm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27
PID 1104 wrote to memory of 1744	1104	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4caf4be5dd338565d1488a392952331d06736701103b074c9f9a45153af64a22.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4caf4be5dd338565d1488a392952331d06736701103b074c9f9a45153af64a22.dll,#1
  2⤵
  PID:1744

memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download