86f5d3c0cbaa87812b3dd0cb29749afc8887ca9600fc5dabb454708f7c1e593c

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 10:41

Target

86f5d3c0cbaa87812b3dd0cb29749afc8887ca9600fc5dabb454708f7c1e593c.dll
Size

6KB
MD5

6258efd23586a480af88e7c5e9ee5c10
SHA1

1430bcd025f02813b6e64244e4a7fd8368154f76
SHA256

86f5d3c0cbaa87812b3dd0cb29749afc8887ca9600fc5dabb454708f7c1e593c
SHA512

bf0b01029c2cc5cfbacb13b385b9862fd98e9ab5d803f808d823d361ce6f8f789f80c599ed6bc60fced8cd23e3be7f67867cc32da946511f2b42542ea803a9b4
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD7BpsDg:juLJ/oAdQPQa2aeng7BpsDg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86f5d3c0cbaa87812b3dd0cb29749afc8887ca9600fc5dabb454708f7c1e593c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86f5d3c0cbaa87812b3dd0cb29749afc8887ca9600fc5dabb454708f7c1e593c.dll,#1
  2⤵
  PID:1112

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download