5f453aec405fd34156a607c630f4430090122131839f6da6f718c9231548c8a4

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 10:45

Target

5f453aec405fd34156a607c630f4430090122131839f6da6f718c9231548c8a4.dll
Size

5KB
MD5

1a93adfd18434824281d37ec15b960e0
SHA1

09081232d0f93b7a2726052925ff04dcfd16fc62
SHA256

5f453aec405fd34156a607c630f4430090122131839f6da6f718c9231548c8a4
SHA512

d960b6183aa59b742652306d584ee367c717793193ce8f4f20e2329a68aa69f0e0133c011735cd94d6ed255000e7dce995f3b49fe4e42bb838398c60e0781f31
SSDEEP

48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXrKLRl2YKh:1h9jTqMMrY0OI/KYyznSMXh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f453aec405fd34156a607c630f4430090122131839f6da6f718c9231548c8a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f453aec405fd34156a607c630f4430090122131839f6da6f718c9231548c8a4.dll,#1
  2⤵
  PID:1472

memory/1472-54-0x0000000000000000-mapping.dmp

Download
memory/1472-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download