5f96d5d4b897050c020a5d6fbb44d1d759591f73132511e996b5e09134829a6e

Analysis

max time kernel
8s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:04

Target

5f96d5d4b897050c020a5d6fbb44d1d759591f73132511e996b5e09134829a6e.dll
Size

6KB
MD5

b1056b3e06e72a2d0513c8a70e7a1030
SHA1

dca959b7f30dc4325070e8311f6405e0626cac76
SHA256

5f96d5d4b897050c020a5d6fbb44d1d759591f73132511e996b5e09134829a6e
SHA512

4ed59c4293f756c4b057883bec28d5a341065ee35ca5018680a160b7b1490fef3a33fc16f7b63c57d679fb06dc1050d8864f67402ccd5b30fb4b57e51ead2921
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROGWpb7KS4W+MDS6PEKSG6x1k:YXB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 992	1232	rundll32.exe	28
PID 1232 wrote to memory of 992	1232	rundll32.exe	28
PID 1232 wrote to memory of 992	1232	rundll32.exe	28
PID 1232 wrote to memory of 992	1232	rundll32.exe	28
PID 1232 wrote to memory of 992	1232	rundll32.exe	28
PID 1232 wrote to memory of 992	1232	rundll32.exe	28
PID 1232 wrote to memory of 992	1232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f96d5d4b897050c020a5d6fbb44d1d759591f73132511e996b5e09134829a6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f96d5d4b897050c020a5d6fbb44d1d759591f73132511e996b5e09134829a6e.dll,#1
  2⤵
  PID:992

memory/992-55-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download