497a42dc7b22e9ea16961663538ae9bc9d3d37da1a975b29ad723a57c322a27a

Analysis

max time kernel
142s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 04:41

Target

497a42dc7b22e9ea16961663538ae9bc9d3d37da1a975b29ad723a57c322a27a.dll
Size

16KB
MD5

776aae85f10d9afc890a24feb4d24160
SHA1

bb7dc0a5bd08c6618d3e1307f9561c575e2de36b
SHA256

497a42dc7b22e9ea16961663538ae9bc9d3d37da1a975b29ad723a57c322a27a
SHA512

1ee1d86049fd496d8fd9826f1ec361e4f470ec530ac9c169fb5eda429b26a97db6ade223517fa0dc58499b5fe52614f8c1bbd11f468edfa81c5cb780cad939f9
SSDEEP

192:wt1qVmTUF+muelFqd29wOqRM3oJ5WHOYLe336ukMrIxligMTC:O1AmTUF+mZFM2aO8M3oJpupMrITtMTC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27
PID 1368 wrote to memory of 1700	1368	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\497a42dc7b22e9ea16961663538ae9bc9d3d37da1a975b29ad723a57c322a27a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\497a42dc7b22e9ea16961663538ae9bc9d3d37da1a975b29ad723a57c322a27a.dll,#1
  2⤵
  PID:1700

memory/1700-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download
memory/1700-56-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1700-57-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download