4cf0150296a1e57a93ddc07cd22a9d1f0daf7b0382a81a41c0e8dc5a850ac9ee

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:46

Target

4cf0150296a1e57a93ddc07cd22a9d1f0daf7b0382a81a41c0e8dc5a850ac9ee.dll
Size

4KB
MD5

d5dccf6a8bc2d1fbef69f3f4be1e4b00
SHA1

b0d6602f50b80d22cf14824adccc3076c75fc8ce
SHA256

4cf0150296a1e57a93ddc07cd22a9d1f0daf7b0382a81a41c0e8dc5a850ac9ee
SHA512

ef6039afa57ac758718beb98ab9ef244af56fd1d672554d2fc2f2a16cbb0bbb47a560e606d5606153c40d4e104d099c803dc51d12accf17329949ab046cd8b38
SSDEEP

48:q0Z48j1gA5YHofrhWR0/iIsipbYtDfXgOrnsB/S+0cmXruG3BeMM:1tRn5cofrY06I/VY1no0VaQBq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27
PID 1476 wrote to memory of 1856	1476	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cf0150296a1e57a93ddc07cd22a9d1f0daf7b0382a81a41c0e8dc5a850ac9ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cf0150296a1e57a93ddc07cd22a9d1f0daf7b0382a81a41c0e8dc5a850ac9ee.dll,#1
  2⤵
  PID:1856

memory/1856-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download