f5a002b6b1314170e1bd4393e58aa0b6dd52136bc6a04b278a1d742c3f3d9a7f

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 14:23

Target

f5a002b6b1314170e1bd4393e58aa0b6dd52136bc6a04b278a1d742c3f3d9a7f.dll
Size

102KB
MD5

ee13f015009d554f0fc39aa8a4d974d6
SHA1

b2a11f4c6dbc11772eb8408b4ef00632cfe2e3f0
SHA256

f5a002b6b1314170e1bd4393e58aa0b6dd52136bc6a04b278a1d742c3f3d9a7f
SHA512

4280a1ca29532742c84b71fac3e9a33ee01e7526203e80b15e5ae8d19b74bd589a18721f8036a6d9fcfe78f913d4b4c1b55c498a66bd2c2cd2c665baba223ca1
SSDEEP

1536:6Msa6kRfJirY84erfImafc61JfcUcKDRAM:6Va6wiraf91JcUc4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16
PID 1448 wrote to memory of 1480	1448	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5a002b6b1314170e1bd4393e58aa0b6dd52136bc6a04b278a1d742c3f3d9a7f.dll,#1
1⤵
PID:1480

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5a002b6b1314170e1bd4393e58aa0b6dd52136bc6a04b278a1d742c3f3d9a7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448

memory/1480-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download