d93ea5943ef76b7859635569acbdd23dcee774cd46c6656a5971a466ccad6493

Analysis

max time kernel
14s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 22:15

Target

d93ea5943ef76b7859635569acbdd23dcee774cd46c6656a5971a466ccad6493.dll
Size

5KB
MD5

a2aec0201d6f918ccd555186f4ca85a0
SHA1

c627d1255334da98a7776882c665a93dd053693a
SHA256

d93ea5943ef76b7859635569acbdd23dcee774cd46c6656a5971a466ccad6493
SHA512

db995a067d1c30212f2bd3edf7b0856c1915dab0d76291a3a0cf69ca8fb9003f4c47b9dc3b168497c478d01ded7f33bc2dd93b763d0de97ad732aed32bee0ce1
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKmqUWwh/AeoGjk7nnQQyexII2y7wWFcJ0g3t7:PT3r2vu9Ku/zNYQRexGyEWX8t7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28
PID 1260 wrote to memory of 2012	1260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d93ea5943ef76b7859635569acbdd23dcee774cd46c6656a5971a466ccad6493.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d93ea5943ef76b7859635569acbdd23dcee774cd46c6656a5971a466ccad6493.dll,#1
  2⤵
  PID:2012

memory/2012-54-0x0000000000000000-mapping.dmp

Download
memory/2012-55-0x0000000075C41000-0x0000000075C43000-memory.dmp

Filesize
8KB

Download