479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 23:58

Target

479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll
Size

26KB
MD5

e71d881e12b6f40e4f2785e9fe944650
SHA1

54dab85dc5490d21f83017ee6b48e64691556c3c
SHA256

479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad
SHA512

21bfc03d15b03d7ba3076131d82ff3e33f0e43aa40585cad751ac314805d0b72f8f05aa56b0f60b2a40d20b1fbaccc365d3e2ec99e4632d4a7c5e31887f88272
SSDEEP

384:V5m008E9N4NJI9LmFKZxGvAEio77bicN8oN3vZa7xh2RaRLwg7Pd:2008NI9LpZxG8o7KcuoBQ7PfRMg7Pd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 904	1528	rundll32.exe	27
PID 1528 wrote to memory of 904	1528	rundll32.exe	27
PID 1528 wrote to memory of 904	1528	rundll32.exe	27
PID 1528 wrote to memory of 904	1528	rundll32.exe	27
PID 1528 wrote to memory of 904	1528	rundll32.exe	27
PID 1528 wrote to memory of 904	1528	rundll32.exe	27
PID 1528 wrote to memory of 904	1528	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll,#1
  2⤵
  PID:904

memory/904-55-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download