b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 10:18

Target

b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4.dll
Size

139KB
MD5

03f6368f15db4fa0fc4bddba65a9e3c0
SHA1

dfd976984cfdad014301c7ebcf455f48103daa33
SHA256

b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4
SHA512

7e6205b47aa3d761e197b97789d7bf0cbd30544816ba625187f57127570bc9a0114d7dbfbc3dd70cd45f9f23c434c742d390ced437a9e84be9b8d4938862a5d0
SSDEEP

1536:z1Hbo2hEK8S3L5GtEW50n+Sv+fgGIK1rMII4n954M9IYCsQrSt7tcWBJ:z17opK8Shjd+TZnI49zqY117tt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4.dll,#1
  2⤵
  PID:928

memory/928-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download
memory/928-56-0x0000000074F50000-0x0000000074F77000-memory.dmp

Filesize
156KB

Download
memory/928-57-0x0000000074F20000-0x0000000074F47000-memory.dmp

Filesize
156KB

Download
memory/928-58-0x0000000074F50000-0x0000000074F77000-memory.dmp

Filesize
156KB

Download