c5b1fdf3c16ecf6c60fd047369e8b6e6bf98b9793e036cdee21a800eb686afd8

Analysis

max time kernel
29s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:08

Target

c5b1fdf3c16ecf6c60fd047369e8b6e6bf98b9793e036cdee21a800eb686afd8.dll
Size

44KB
MD5

0ba98f31523518ada71aeeaadd1a826b
SHA1

ea8bbb8aaed7fe38aa4842b03d4a10191b3a5187
SHA256

c5b1fdf3c16ecf6c60fd047369e8b6e6bf98b9793e036cdee21a800eb686afd8
SHA512

6ab032dccc94d5ec8a22d917fa9867e335dc61004941b8fda86e907c057b40c817f2cb5639be1dd98a92b6a6054dca7dd8d0ba89287e241d6414cb7fc38e1be8
SSDEEP

768:SGsnSheXe0mucZuOMHyTBoTf0eWhAYeB3tF9BkzWU:SNu0mucZuOZTBkDYe9tiL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 952	1756	rundll32.exe	27
PID 1756 wrote to memory of 952	1756	rundll32.exe	27
PID 1756 wrote to memory of 952	1756	rundll32.exe	27
PID 1756 wrote to memory of 952	1756	rundll32.exe	27
PID 1756 wrote to memory of 952	1756	rundll32.exe	27
PID 1756 wrote to memory of 952	1756	rundll32.exe	27
PID 1756 wrote to memory of 952	1756	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5b1fdf3c16ecf6c60fd047369e8b6e6bf98b9793e036cdee21a800eb686afd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5b1fdf3c16ecf6c60fd047369e8b6e6bf98b9793e036cdee21a800eb686afd8.dll,#1
  2⤵
  PID:952

memory/952-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download