ac9d0f96d48b4b4238e216337aa395e932980e84a3fe738505d3a4dda5bca511

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:40

Target

ac9d0f96d48b4b4238e216337aa395e932980e84a3fe738505d3a4dda5bca511.dll
Size

13KB
MD5

94cedcd65c1c490fa00de9618ec7cdf4
SHA1

6d8365a15e4224f1d06bd0044435ea51ea77850e
SHA256

ac9d0f96d48b4b4238e216337aa395e932980e84a3fe738505d3a4dda5bca511
SHA512

f0e3b56cab7214fa3a0d3a6475d4b8108df06c4448a7c5ee9edfe0346da2891473dc75436bf414ef0ae0d902514d1b14de00568c79edf3bba7f9a0d0234f4463
SSDEEP

384:6wSJ2vDGLOcJvsmyqzuMByqcLirXuwai:9SJ2y1sOzPgX0uv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 548	864	rundll32.exe	27
PID 864 wrote to memory of 548	864	rundll32.exe	27
PID 864 wrote to memory of 548	864	rundll32.exe	27
PID 864 wrote to memory of 548	864	rundll32.exe	27
PID 864 wrote to memory of 548	864	rundll32.exe	27
PID 864 wrote to memory of 548	864	rundll32.exe	27
PID 864 wrote to memory of 548	864	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac9d0f96d48b4b4238e216337aa395e932980e84a3fe738505d3a4dda5bca511.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac9d0f96d48b4b4238e216337aa395e932980e84a3fe738505d3a4dda5bca511.dll,#1
  2⤵
  PID:548

memory/548-55-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/548-56-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download