dc5de4868680e4fe2b58174c4d15ffe108401757882cc94129678fb8ea801a4f

Analysis

max time kernel
24s
max time network
116s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:34

Target

dc5de4868680e4fe2b58174c4d15ffe108401757882cc94129678fb8ea801a4f.dll
Size

6KB
MD5

9318b0c0b317927b779f92724df55990
SHA1

91760adeb96548b258a50b7b0535a8b064a6374e
SHA256

dc5de4868680e4fe2b58174c4d15ffe108401757882cc94129678fb8ea801a4f
SHA512

4f5fa29b1169ab529b82425efc74a2be9fcb0d8f09fdade2b0cb533369f45c2f71bfb8979c5444a7f31d36ee1022f99234ecc6eba40530c4422add3a7dfa6ed9
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD7cI4bWG:nGTWJGp0UZUd6378snt7cI4D

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1488	900	rundll32.exe	27
PID 900 wrote to memory of 1488	900	rundll32.exe	27
PID 900 wrote to memory of 1488	900	rundll32.exe	27
PID 900 wrote to memory of 1488	900	rundll32.exe	27
PID 900 wrote to memory of 1488	900	rundll32.exe	27
PID 900 wrote to memory of 1488	900	rundll32.exe	27
PID 900 wrote to memory of 1488	900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc5de4868680e4fe2b58174c4d15ffe108401757882cc94129678fb8ea801a4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc5de4868680e4fe2b58174c4d15ffe108401757882cc94129678fb8ea801a4f.dll,#1
  2⤵
  PID:1488

memory/1488-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download