fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 13:30

Target

fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll
Size

19KB
MD5

f58d1d4c09a0390b2956edb9c7f03ac4
SHA1

313f1d76ada308664b4deada79997b948ff16eab
SHA256

fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e
SHA512

60b92a56ba9b8737b21d40f5d1a7c475b849a51fffe2d6fd77e366d9e42f4dab5f7f80e43ceb43f648af2a5bf950d1add67545604c230e50825e02022bad3aa7
SSDEEP

384:jQNm+awSIqEy+xng67fXsCZejfY1YhJpJgLa0MpHr:MNjSIhy4fXsfrvjgLa1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26
PID 1424 wrote to memory of 1852	1424	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll,#1
  2⤵
  PID:1852

memory/1852-55-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download