059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 14:26

Target

059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6.dll
Size

147KB
MD5

577ec6b298ca7eedc4f3ef5140d3177d
SHA1

11ad3d415d1909c105cbd041831bc2a479a074b7
SHA256

059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6
SHA512

ca41d26057d8bfeb63d45a8783cec41471b3a7e0fa9d31e76ed168ab2b5952af901a30020cec92a8c4b9f0f7964bcefc37f7e1cb9482a25355265e91de0cc3db
SSDEEP

3072:EI71lBxAIgxq5csSI6+2PtSJ6By2XaBP1ZlaV75:0qOsPJcXcRaV75

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6.dll,#1
  2⤵
  PID:964

memory/964-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download