53ee4a3a005fecc5056ff6b93d0c44022bda22115425a88a5cb03a0f88dcc572

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:59

Target

53ee4a3a005fecc5056ff6b93d0c44022bda22115425a88a5cb03a0f88dcc572.dll
Size

6KB
MD5

a082b4c2a9b5c9378dbba2c9a22f33c0
SHA1

d3f8bfdcd7b9012e094c4c1455014199951c77cf
SHA256

53ee4a3a005fecc5056ff6b93d0c44022bda22115425a88a5cb03a0f88dcc572
SHA512

ce01ee1be6f59e224ce7db25b693730f77a02d335b08da0c8b63a6846103f68aad34ed5dd40794741e17cdb98768a034b3217e73fb2e0bb0997da4113ddb03b4
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD7wDPv98:juLJ/oAdQPQa2aeng7IC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28
PID 1788 wrote to memory of 1368	1788	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\53ee4a3a005fecc5056ff6b93d0c44022bda22115425a88a5cb03a0f88dcc572.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\53ee4a3a005fecc5056ff6b93d0c44022bda22115425a88a5cb03a0f88dcc572.dll,#1
  2⤵
  PID:1368

memory/1368-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download