5348a4d5ffe33a0bfe969a6eb0b60339427f0f2a51e6905e08f93ab2b6084c05

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 22:39

Target

5348a4d5ffe33a0bfe969a6eb0b60339427f0f2a51e6905e08f93ab2b6084c05.dll
Size

200KB
MD5

d729cde27cff2a4c22548a18b27ab237
SHA1

2909b49f08d9bbd5af2fb8415b569885d6006d9d
SHA256

5348a4d5ffe33a0bfe969a6eb0b60339427f0f2a51e6905e08f93ab2b6084c05
SHA512

dfffc16c39f7b044220d5c881c4d8af0a500eb99431849a1e25e5b24d41962753ba34b1d8ff0b153e7ba67bfe985386d94c6389e0d16cfddac7e273088a2295b
SSDEEP

3072:ss1Ga+DlnD5p9jSkLQujbypDYfxTPVie8H:RG3DlnJWkLQ6TP/Y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5348a4d5ffe33a0bfe969a6eb0b60339427f0f2a51e6905e08f93ab2b6084c05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5348a4d5ffe33a0bfe969a6eb0b60339427f0f2a51e6905e08f93ab2b6084c05.dll,#1
  2⤵
  PID:1756

memory/1756-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/1756-56-0x0000000010000000-0x000000001006E000-memory.dmp

Filesize
440KB

Download
memory/1756-57-0x0000000010000000-0x000000001006E000-memory.dmp

Filesize
440KB

Download