f5984f1ce3f63738d50b559bb13417623e5a8fbeade5fcd481447987a0cda591

Analysis

max time kernel
2s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:21

Target

f5984f1ce3f63738d50b559bb13417623e5a8fbeade5fcd481447987a0cda591.dll
Size

51KB
MD5

37ab46c8d86ac4feb05ecfd2495afa96
SHA1

f70b52d914cf756e9efde1dd7eddc43d0454f78f
SHA256

f5984f1ce3f63738d50b559bb13417623e5a8fbeade5fcd481447987a0cda591
SHA512

7064c07d1aa2504aaff7993126b330499944cc192f3e98fb7986c9c13ac27616b61f1f2d93da5f7a2d9c42c211f656068ebae89bdf469d1a28937ae8b9560dd8
SSDEEP

1536:4sKXEu2znskPWKveS4bF9d+hvX3hluR+iSVtw:NP7skGFr+hGRIVe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28
PID 1616 wrote to memory of 1664	1616	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5984f1ce3f63738d50b559bb13417623e5a8fbeade5fcd481447987a0cda591.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5984f1ce3f63738d50b559bb13417623e5a8fbeade5fcd481447987a0cda591.dll,#1
  2⤵
  PID:1664

memory/1664-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download