b54e5ff65f8e5c3ae8c638641064c0f0d2bf00bf7322146b7c359ee82b981d25

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:28

Target

b54e5ff65f8e5c3ae8c638641064c0f0d2bf00bf7322146b7c359ee82b981d25.dll
Size

63KB
MD5

37c3c614a7a502d681023b8dd114e8f6
SHA1

52d83e32ccbc216bef96f514fc89cfb1598edfcc
SHA256

b54e5ff65f8e5c3ae8c638641064c0f0d2bf00bf7322146b7c359ee82b981d25
SHA512

d787a74aad845d543d3e42ff46c281bafa0da87c10890f2ac5dbf24dfd467907bf440e66425d05cac05569ecf0625f97b867f5e5b858db1d063552a15b07d801
SSDEEP

1536:kjRUXQD+znPzS2/PLqIgQvkc6s5hDuW2Aq0z1VLjnrzFRqz:kF6QD+rbSYPx5vkcxqWjq0RVL71Rqz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26
PID 1488 wrote to memory of 1116	1488	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b54e5ff65f8e5c3ae8c638641064c0f0d2bf00bf7322146b7c359ee82b981d25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b54e5ff65f8e5c3ae8c638641064c0f0d2bf00bf7322146b7c359ee82b981d25.dll,#1
  2⤵
  PID:1116

memory/1116-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download