91b520f53961c833b4fd17d213dd4e4ce5363e36ffee5de40552479b0fa66e46

Analysis

max time kernel
226s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:23

Target

91b520f53961c833b4fd17d213dd4e4ce5363e36ffee5de40552479b0fa66e46.dll
Size

32KB
MD5

c822419ed259d925dbfe201c69832721
SHA1

929537606f0908ac6b1ee562334a91b53f25b4f7
SHA256

91b520f53961c833b4fd17d213dd4e4ce5363e36ffee5de40552479b0fa66e46
SHA512

4334d5cde6eee7b85f432dc6175bebe1e4f26fbd3c3dad8db0a29c270844e521f87cdf8188feda7352f36e26a6866da0840dbfd9056ba59be3602ea75b6d192d
SSDEEP

384:lpuj39NfuKDQ/BFgbpoVCl8zjOvyzJW77+1O+qXSQG9aFJFrRCRNYY4p:Lujru/O2Ml8zCSW7ADMSZ96BURNYYk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 588	1644	rundll32.exe	28
PID 1644 wrote to memory of 588	1644	rundll32.exe	28
PID 1644 wrote to memory of 588	1644	rundll32.exe	28
PID 1644 wrote to memory of 588	1644	rundll32.exe	28
PID 1644 wrote to memory of 588	1644	rundll32.exe	28
PID 1644 wrote to memory of 588	1644	rundll32.exe	28
PID 1644 wrote to memory of 588	1644	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91b520f53961c833b4fd17d213dd4e4ce5363e36ffee5de40552479b0fa66e46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91b520f53961c833b4fd17d213dd4e4ce5363e36ffee5de40552479b0fa66e46.dll,#1
  2⤵
  PID:588

memory/588-55-0x0000000076581000-0x0000000076583000-memory.dmp

Filesize
8KB

Download