fc526cf58948f85b7468111ca20dcb14fa3cacebd3b884cc4b333fddfe39b481

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 10:32

Target

fc526cf58948f85b7468111ca20dcb14fa3cacebd3b884cc4b333fddfe39b481.dll
Size

231KB
MD5

e56a5c79b7fd01693d3c4baadf9b454a
SHA1

a55a0c62ccbf6c38beecea2c4f1c55c059f6bc16
SHA256

fc526cf58948f85b7468111ca20dcb14fa3cacebd3b884cc4b333fddfe39b481
SHA512

f7cb82d1b79c4eadee933e391738ea23e2187ef4dee23d75e279331e880adc26c61f0b3ec951a4a9dfd679b791de8a4ea3eb74098871b34fae1666574c937275
SSDEEP

6144:SZjCKTF/DS0Oq+Rzp4xBBchsuD8DJQpZpJcXUaciULhR:SZmXpSBDe8DMJcEQE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc526cf58948f85b7468111ca20dcb14fa3cacebd3b884cc4b333fddfe39b481.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc526cf58948f85b7468111ca20dcb14fa3cacebd3b884cc4b333fddfe39b481.dll,#1
  2⤵
  PID:1708

memory/1708-54-0x0000000000000000-mapping.dmp

Download
memory/1708-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1708-56-0x0000000010000000-0x00000000100A8000-memory.dmp

Filesize
672KB

Download