adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444

Analysis

max time kernel
42s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 15:26

Target

adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll
Size

724KB
MD5

2666f45bb2319c9ce5eea68ae0d8b770
SHA1

0bc3dc240ec1080c0617e43adbda384ec404e868
SHA256

adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444
SHA512

2157e08f33a1da568c05efc77a8056f052fb6b21ca4fc2b9a259247aee6177d8463bce15b36e0294231de9131551ebe4fb5f9e6b6c5baab46cdbba07470007fa
SSDEEP

12288:vx4TiB0iVXEvOAy80AhOGISw2toWqaxCmIegYKjK2+VoWuTK4viejSDRmpYjqKl1:Z4w0zO20ActTpcCmILYKV+u9O4qZFIYb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 384	1676	rundll32.exe	27
PID 1676 wrote to memory of 384	1676	rundll32.exe	27
PID 1676 wrote to memory of 384	1676	rundll32.exe	27
PID 1676 wrote to memory of 384	1676	rundll32.exe	27
PID 1676 wrote to memory of 384	1676	rundll32.exe	27
PID 1676 wrote to memory of 384	1676	rundll32.exe	27
PID 1676 wrote to memory of 384	1676	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll,#1
  2⤵
  PID:384

memory/384-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download