985146cc84af848d4c475e526ffdbc38e2ee061b5917f5e3ab0a5783bbf90bb6

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:40

Target

985146cc84af848d4c475e526ffdbc38e2ee061b5917f5e3ab0a5783bbf90bb6.dll
Size

6KB
MD5

0f5313b206a2e382cbff98cd0260e800
SHA1

ee11ebb590782ccc8b40791d0cf5bfc903f8449f
SHA256

985146cc84af848d4c475e526ffdbc38e2ee061b5917f5e3ab0a5783bbf90bb6
SHA512

f2f1bd502ad125a56907f0e6d614ab7c8090a4c0a575ba899b574e17c0cfd58bdc08e18794dd5c54b552748c0682bf7d8e89c8893a6b9c98d1c3acffff971e6f
SSDEEP

48:CCyEjm9/26xBs/klS4rklShklSK8klS3klSTIZGOixlEBhMiTTl6ZK5yMjyoyDyC:hyZxm/jmjhjvj3jcZGV4RXnGNI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27
PID 1284 wrote to memory of 820	1284	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\985146cc84af848d4c475e526ffdbc38e2ee061b5917f5e3ab0a5783bbf90bb6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\985146cc84af848d4c475e526ffdbc38e2ee061b5917f5e3ab0a5783bbf90bb6.dll,#1
  2⤵
  PID:820

memory/820-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download