572b5cb27864d81fa84aa057d14c752c712fd777e167c979a2a7386f31a97a11

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 02:24

Target

572b5cb27864d81fa84aa057d14c752c712fd777e167c979a2a7386f31a97a11.dll
Size

6KB
MD5

4854f3a86483202098d94ccc988c1b30
SHA1

b8d4a8f988ec37c73018dd5c4eaea83757ea07ad
SHA256

572b5cb27864d81fa84aa057d14c752c712fd777e167c979a2a7386f31a97a11
SHA512

c7bc58daaec4794f9a0b3fc58579870f0acf4f313d0205e73edb88cf9021ac747d0f1fb4e481cb3792e09ee49cadaed3683ac02cd67be8ce7c0294bc28841dba
SSDEEP

96:nI2RrUeq9zNITuNH4jVkCl1pp/+kf7OQFhzR:XR4eYzlopF+uP5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27
PID 1064 wrote to memory of 1036	1064	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\572b5cb27864d81fa84aa057d14c752c712fd777e167c979a2a7386f31a97a11.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\572b5cb27864d81fa84aa057d14c752c712fd777e167c979a2a7386f31a97a11.dll,#1
  2⤵
  PID:1036

memory/1036-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download