a465664d7c071f09546b037ec632d56632fbbe14bfc65dde6a184d35158a2d40

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 04:52

Target

a465664d7c071f09546b037ec632d56632fbbe14bfc65dde6a184d35158a2d40.dll
Size

32KB
MD5

9bcc46cd208fc8d09a47cab6152dec4e
SHA1

cf2710c75626842b6cc60e603d3d7e8f8ff1cac4
SHA256

a465664d7c071f09546b037ec632d56632fbbe14bfc65dde6a184d35158a2d40
SHA512

51dd6ff5c76ca5175cd95414e8af47ba2464365942dcf906a310b178017b4a40080106b0d765f87d7111638f9f4a053b5b14fc7dd7b7b3ce1a3d51b84b8dc14d
SSDEEP

768:sMhqpHLSlNb31pbNG7v6fbZOVOQKTRqMuBkK:VqpA1pQ7ifbK2RqMuBd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27
PID 1872 wrote to memory of 2028	1872	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a465664d7c071f09546b037ec632d56632fbbe14bfc65dde6a184d35158a2d40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a465664d7c071f09546b037ec632d56632fbbe14bfc65dde6a184d35158a2d40.dll,#1
  2⤵
  PID:2028

memory/2028-55-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download