5da02c226c13e1d30b1f6db630908cc2db2069925044ddf6f56590d4deafe994

Analysis

max time kernel
7s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 02:23

Target

5da02c226c13e1d30b1f6db630908cc2db2069925044ddf6f56590d4deafe994.dll
Size

4KB
MD5

2c024989131d61b2e5793994173a2fc0
SHA1

fec8a6e92f64999464c5429f4d3022dfc1ac84db
SHA256

5da02c226c13e1d30b1f6db630908cc2db2069925044ddf6f56590d4deafe994
SHA512

c8974e63c253288006b8739b271d3e0599aaeb5243a0109485028d9966486f5c5fd36c2cb95443b64b61314830a972a5571e35f3049cb3e74aff1f7c97265188
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKap9v/1Us7oONvbBvTDfWniNVUWXS:PT3r2vu9ppd1vzbB7LFNKWXS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28
PID 1808 wrote to memory of 2028	1808	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5da02c226c13e1d30b1f6db630908cc2db2069925044ddf6f56590d4deafe994.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5da02c226c13e1d30b1f6db630908cc2db2069925044ddf6f56590d4deafe994.dll,#1
  2⤵
  PID:2028

memory/2028-55-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download