46d082c3ec0f1e0ec77f756b3b22db8a83d289c0e0d818f63a73e032b5b0aa09

Analysis

max time kernel
48s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 00:39

Target

46d082c3ec0f1e0ec77f756b3b22db8a83d289c0e0d818f63a73e032b5b0aa09.dll
Size

4KB
MD5

9fc79c2a8c7b23730a769b77e5b98160
SHA1

989d6905e00385fb5680d25ebb59ddc130cb883f
SHA256

46d082c3ec0f1e0ec77f756b3b22db8a83d289c0e0d818f63a73e032b5b0aa09
SHA512

2848ee6d22c81af0d337c3ee2ff5cf04f33f9934027b7836862751af7f6fbe07074add740b6ab8200cb6faeaa4dd53d87cf701a36583e447fe7f90f5aa99d129
SSDEEP

48:a5zjMTGcITBVQVE1lcNHKz/jKYp6T9mRivWZOSLEi+VvqYhQJHfFZ6:iT3Qu8dKzeYpxCuxEXvqY+J/b6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 964	948	rundll32.exe	28
PID 948 wrote to memory of 964	948	rundll32.exe	28
PID 948 wrote to memory of 964	948	rundll32.exe	28
PID 948 wrote to memory of 964	948	rundll32.exe	28
PID 948 wrote to memory of 964	948	rundll32.exe	28
PID 948 wrote to memory of 964	948	rundll32.exe	28
PID 948 wrote to memory of 964	948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d082c3ec0f1e0ec77f756b3b22db8a83d289c0e0d818f63a73e032b5b0aa09.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d082c3ec0f1e0ec77f756b3b22db8a83d289c0e0d818f63a73e032b5b0aa09.dll,#1
  2⤵
  PID:964

memory/964-55-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download