576bded6e4ee375fe7a3800359d6986b6c9f6c00d13c7b65053e0bc9fc81460c

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 05:02

Target

576bded6e4ee375fe7a3800359d6986b6c9f6c00d13c7b65053e0bc9fc81460c.dll
Size

34KB
MD5

e0508c918c2d706ca9ec180eac941260
SHA1

6f7965041044b501d305e6b0ce284e925126b3b2
SHA256

576bded6e4ee375fe7a3800359d6986b6c9f6c00d13c7b65053e0bc9fc81460c
SHA512

0d9a8cf8d11370db70663e3c16f86e7563557ccddcd191525a410896b603f87cf354c94bade3ec07761cc32c404f5c7fa316a075fae2cdc3d08406604d1d36eb
SSDEEP

768:u7mRDL0cgngbMzSJOQc7S/DftqqhnP0RROPx:OmRD7gHzS0d7S/1pMRROp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\576bded6e4ee375fe7a3800359d6986b6c9f6c00d13c7b65053e0bc9fc81460c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\576bded6e4ee375fe7a3800359d6986b6c9f6c00d13c7b65053e0bc9fc81460c.dll,#1
  2⤵
  PID:1612

memory/1612-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download