c5caa387b272e9ac93ee25759edfff747dca748b946044b00f8da8ed2b230118

Analysis

max time kernel
12s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 18:02

Target

c5caa387b272e9ac93ee25759edfff747dca748b946044b00f8da8ed2b230118.dll
Size

72KB
MD5

0bdae490326a60b94aad012a6dd855c0
SHA1

b18e7cb1187b4917cae3ee71572fc77147f8bda9
SHA256

c5caa387b272e9ac93ee25759edfff747dca748b946044b00f8da8ed2b230118
SHA512

f1112019d361928299ccd5f2014b6f5ad840187d34c9d683bb9eade0bdeeeffc47f9aa678d381878e0f3a3106bd19d89db2307ce336f853f63799a6235e531d0
SSDEEP

1536:uUPMadZgQ24x/tCcgQFPvXGNRfWlAPClJO:uT8KQ2K/txrt2NNClJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28
PID 2024 wrote to memory of 1520	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5caa387b272e9ac93ee25759edfff747dca748b946044b00f8da8ed2b230118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5caa387b272e9ac93ee25759edfff747dca748b946044b00f8da8ed2b230118.dll,#1
  2⤵
  PID:1520

memory/1520-54-0x0000000000000000-mapping.dmp

Download
memory/1520-55-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download