4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:24

Target

4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45.dll
Size

51KB
MD5

d985dfd694e1e3219e2af299eb8de040
SHA1

a1a1f0f0efbf0ce59c2aa6a271cd58ee587a506f
SHA256

4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45
SHA512

e4974d6e6943e3e0d331f606fe8b20591217302757b23e8064ca6ffbfc08094ada902d08a82cf9497c2f8789582cc8293f2f020c1c93fa7fda6e9253a44e8641
SSDEEP

1536:yHZ6NZRR40owqzzPGFpkaLiCGL6mrBd15j:yH43RJowcTwzcd1h

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45.dll,#1
  2⤵
  PID:980

memory/980-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download