57b2d1e0125216a9928b6852ca04f64755a4dde5742f7bc93b04a1eddd90cfa1

Analysis

max time kernel
233s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 02:24

Target

57b2d1e0125216a9928b6852ca04f64755a4dde5742f7bc93b04a1eddd90cfa1.dll
Size

6KB
MD5

d0bf4ee85ae232c9cca3842e1de51810
SHA1

4a0c825b103ee2d26da995191fd70fed4a94d105
SHA256

57b2d1e0125216a9928b6852ca04f64755a4dde5742f7bc93b04a1eddd90cfa1
SHA512

07e9d8f05e830cc14686bff50bb249760ffae968b8c29a523970bc28219498150aab7e7631fc8894fd6cb8f9cdc8e2cdb7b6babee336e6e7e7317e909281d55f
SSDEEP

96:z0QR9B6BvAwbVkpOb/qb3jkuYxAdU6EUpVCch:JR94/bMOb/cjPYi26EUq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 556	516	rundll32.exe	28
PID 516 wrote to memory of 556	516	rundll32.exe	28
PID 516 wrote to memory of 556	516	rundll32.exe	28
PID 516 wrote to memory of 556	516	rundll32.exe	28
PID 516 wrote to memory of 556	516	rundll32.exe	28
PID 516 wrote to memory of 556	516	rundll32.exe	28
PID 516 wrote to memory of 556	516	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57b2d1e0125216a9928b6852ca04f64755a4dde5742f7bc93b04a1eddd90cfa1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57b2d1e0125216a9928b6852ca04f64755a4dde5742f7bc93b04a1eddd90cfa1.dll,#1
  2⤵
  PID:556

memory/556-55-0x0000000075551000-0x0000000075553000-memory.dmp

Filesize
8KB

Download