519b05f7a5bdc90beb2393a7cd35f9f899c6efd244377af49d92cfbff663a997

Analysis

max time kernel
252s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 01:21

Target

519b05f7a5bdc90beb2393a7cd35f9f899c6efd244377af49d92cfbff663a997.dll
Size

6KB
MD5

8147c8ce9b7aca72b0ff8c50c572d0c0
SHA1

9622246c927965a4215ae02e65dcabf837e18d91
SHA256

519b05f7a5bdc90beb2393a7cd35f9f899c6efd244377af49d92cfbff663a997
SHA512

0df14ce841dc0bf875bc94c16e6af43e48f3917577c9eb264ad01befdf26d1d38a15efcab52ca4483711ac52f082ad9244a53a96581e54a8ef207cecf5cb0e71
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD7hcpQ:nGTWJGp0UZUd6378snt7h4Q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 468	664	rundll32.exe	28
PID 664 wrote to memory of 468	664	rundll32.exe	28
PID 664 wrote to memory of 468	664	rundll32.exe	28
PID 664 wrote to memory of 468	664	rundll32.exe	28
PID 664 wrote to memory of 468	664	rundll32.exe	28
PID 664 wrote to memory of 468	664	rundll32.exe	28
PID 664 wrote to memory of 468	664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\519b05f7a5bdc90beb2393a7cd35f9f899c6efd244377af49d92cfbff663a997.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\519b05f7a5bdc90beb2393a7cd35f9f899c6efd244377af49d92cfbff663a997.dll,#1
  2⤵
  PID:468

memory/468-54-0x0000000000000000-mapping.dmp

Download
memory/468-55-0x00000000763D1000-0x00000000763D3000-memory.dmp

Filesize
8KB

Download