fc5ed9dd4a31082f692eb4541b15218437cece8adbeb2a71ea3de989e8c2ee15

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 02:30

Target

fc5ed9dd4a31082f692eb4541b15218437cece8adbeb2a71ea3de989e8c2ee15.dll
Size

62KB
MD5

e708fd865dd8bd7ade3e67f534791df7
SHA1

1459ae3d99ab489d4a8071565dc812d497489281
SHA256

fc5ed9dd4a31082f692eb4541b15218437cece8adbeb2a71ea3de989e8c2ee15
SHA512

7dc84909083b61584e5233d1c6abc8d0b8746f019c41539fac154dfd9fd1ba3bccc907f56ed5dfbede6ecda6134999e8f6453ddc696b7c4128872f70c08a647a
SSDEEP

1536:j18Ltp1KetwckTx3eaH3X9GIHdvMGvt8cUmOD1u9q2ywaKs:neWbnZLzl8Qqw1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1372	864	rundll32.exe	28
PID 864 wrote to memory of 1372	864	rundll32.exe	28
PID 864 wrote to memory of 1372	864	rundll32.exe	28
PID 864 wrote to memory of 1372	864	rundll32.exe	28
PID 864 wrote to memory of 1372	864	rundll32.exe	28
PID 864 wrote to memory of 1372	864	rundll32.exe	28
PID 864 wrote to memory of 1372	864	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc5ed9dd4a31082f692eb4541b15218437cece8adbeb2a71ea3de989e8c2ee15.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc5ed9dd4a31082f692eb4541b15218437cece8adbeb2a71ea3de989e8c2ee15.dll,#1
  2⤵
  PID:1372

memory/1372-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download