59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb

Analysis

max time kernel
19s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 04:54

Target

59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb.dll
Size

59KB
MD5

6c207a1948a35a343f5a2720557359a0
SHA1

866d56abd9007645c8e912d62780544c017b1a35
SHA256

59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb
SHA512

d62c85e72993c48dfbf7995945299859181633e2a8c3aba6bfd4fa9ce5487489bc0cb5137b1c8cc2898ad0c37a8e99c993da7e89b074f4599b846cad8ef52d22
SSDEEP

1536:BfQAl+7ovO8h7exQuhcIdadtpV5MgLkcB5:dQAl+p8h9uSXDg8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28
PID 1664 wrote to memory of 1680	1664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb.dll,#1
  2⤵
  PID:1680

memory/1680-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download