c475c66c0a4e1a3e55291ae36f401df110c2d926a46fbdc27d42b5f01ef8332a

Analysis

max time kernel
85s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 02:42

Target

c475c66c0a4e1a3e55291ae36f401df110c2d926a46fbdc27d42b5f01ef8332a.dll
Size

41KB
MD5

48f5ddc3496e19db10c781c738f68b4f
SHA1

2919d6cf8175eed4457e53a0619c028f5289c7c6
SHA256

c475c66c0a4e1a3e55291ae36f401df110c2d926a46fbdc27d42b5f01ef8332a
SHA512

ea94b39ddd986636fedc5b54d328f41d78741a94b74b95151c9d9244cf8639ce517f2cefd38bbfc2377a627d42a268ef54de9fe2cc894a3939816145af38a4dd
SSDEEP

768:ro/ipasLwMdCysTa9z6gE0FTweprCbCzFKRxT7wBTT2i24jn7To9IjT:ro/2PLwMdpUaVia8W/x6xT7cTeInPo6P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28
PID 1164 wrote to memory of 1524	1164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c475c66c0a4e1a3e55291ae36f401df110c2d926a46fbdc27d42b5f01ef8332a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c475c66c0a4e1a3e55291ae36f401df110c2d926a46fbdc27d42b5f01ef8332a.dll,#1
  2⤵
  PID:1524

memory/1524-54-0x0000000000000000-mapping.dmp

Download
memory/1524-55-0x0000000076931000-0x0000000076933000-memory.dmp

Filesize
8KB

Download