a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 10:33

Target

a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll
Size

5KB
MD5

a08e2afc9688d27f6a971b98e3726ed0
SHA1

8e642e97178931b99ce34234cf7b4badac2ee917
SHA256

a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9
SHA512

06b9bd45fc3837d2991faff56a64771ca055f82e964c5ecf6f1ec1218acfea36b09cf324e8fa25b8458b97f04b63bc940b1e05caa67822e0bac820acc329684a
SSDEEP

96:R6Di6iiGIaXowjJj8KE7milmQ1k6GsvvV0DB5UVMecBsSDo4l4k0cWPBH:R6+a1eSK+VSDcmFRc5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 1116	748	rundll32.exe	27
PID 748 wrote to memory of 1116	748	rundll32.exe	27
PID 748 wrote to memory of 1116	748	rundll32.exe	27
PID 748 wrote to memory of 1116	748	rundll32.exe	27
PID 748 wrote to memory of 1116	748	rundll32.exe	27
PID 748 wrote to memory of 1116	748	rundll32.exe	27
PID 748 wrote to memory of 1116	748	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll,#1
  2⤵
  PID:1116

memory/1116-55-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

Filesize
8KB

Download