bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7

Analysis

max time kernel
18s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:59

Target

bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7.dll
Size

4KB
MD5

26b67a076d64f1f5f78a8d405bcad060
SHA1

5d695bbd3fecd0539c9bc3d6eaef5118e9a1220a
SHA256

bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7
SHA512

808137af3473469bc8dbe2f8e592ade8d277fc3924f75a4ea7c9ee02f34896d80b35da4fcfd9251e81547f95df9d411f3c3f11506f8b3abbe246e20bda484cdb
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LoX0walv92fpNsTaeuy31ysNO:TRphMzf8oX7+TaCnc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27
PID 1620 wrote to memory of 1732	1620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7.dll,#1
  2⤵
  PID:1732

memory/1732-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download