a64b2f685158280c066dd4acfb424849975116503fd8d762f3a60503880180fc

Analysis

max time kernel
9s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 00:36

Target

a64b2f685158280c066dd4acfb424849975116503fd8d762f3a60503880180fc.dll
Size

5KB
MD5

6c1e4008ab6dd49d9e752128337d72b0
SHA1

534621e23a98dcb8e5d7d860a6abf94342786782
SHA256

a64b2f685158280c066dd4acfb424849975116503fd8d762f3a60503880180fc
SHA512

a4d123e9024edf77973aef6b740f7c1b1089cda74f9b2ede9eb1158b20ff51a1f4cc3fab3824086cafdbf99e2ff8bb187034b09e731e37289c6bf227ccc2feb8
SSDEEP

48:a5zjMTGcITBVQVE1lcRcXP2yUEl8R0kb/CAuNxhmjeDRlO0NubYP9zcWytA:iT3Qu8Gie8R0YuP2cRlKmzPytA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28
PID 1628 wrote to memory of 1632	1628	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a64b2f685158280c066dd4acfb424849975116503fd8d762f3a60503880180fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a64b2f685158280c066dd4acfb424849975116503fd8d762f3a60503880180fc.dll,#1
  2⤵
  PID:1632

memory/1632-54-0x0000000000000000-mapping.dmp

Download
memory/1632-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download