55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125

Analysis

max time kernel
4s
max time network
29s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:15

Target

55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll
Size

63KB
MD5

100af252bf2e7f6805690030f1ce82db
SHA1

8a4c6278f90624e26e1c010be18d39c0f2cd2caf
SHA256

55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125
SHA512

d52eecbde89e39f664a3352a1d4c01e3d92ed97054f78572739726d8b720672be5abc456450254be7429cd90549e0b3c2cec182b2c88668138630bef7cbf678c
SSDEEP

1536:n7ZLNPp9pZBMRQIsYAtTB2AOgQkjNA5+FkLgHo0vY:7ZppI7RAT2A4mNAgKgI0g

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28
PID 1224 wrote to memory of 1272	1224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll,#1
  2⤵
  PID:1272

memory/1272-55-0x0000000075C41000-0x0000000075C43000-memory.dmp

Filesize
8KB

Download