58e5394778f1044fdb95e2296b0445ebd8445adf4c2ce7e54194b334d6ea7141

Analysis

max time kernel
37s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 08:37

Target

58e5394778f1044fdb95e2296b0445ebd8445adf4c2ce7e54194b334d6ea7141.dll
Size

421KB
MD5

d6d8b73f400e51ce9a9822ff1bbc25d0
SHA1

575ae4214c9550117597e65397642e9f7f28877b
SHA256

58e5394778f1044fdb95e2296b0445ebd8445adf4c2ce7e54194b334d6ea7141
SHA512

cfb5a73fe0d4502269cf3aac0e6ca11a901085c89eb67b34007f409354ca464f25a67959c59a66b8177eb1b8d6e685845bbf11d9dceebabcb08ad4e9cc414df2
SSDEEP

12288:+xyKQJCRqM+NXustcDMvz+SwXqG68l81dTdxGmnOTn8aGasPQkL:+xyJp9sstcAvzvwXqG68ledTH7Yc/L

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28
PID 1676 wrote to memory of 1452	1676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58e5394778f1044fdb95e2296b0445ebd8445adf4c2ce7e54194b334d6ea7141.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58e5394778f1044fdb95e2296b0445ebd8445adf4c2ce7e54194b334d6ea7141.dll,#1
  2⤵
  PID:1452

memory/1452-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download