091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59

Analysis

max time kernel
233s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 11:28

Target

091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59.dll
Size

6KB
MD5

c494db1999e70e9eef79a900d5503780
SHA1

01aa37dc020a77ee65ffafde5746f0fa96c3d369
SHA256

091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59
SHA512

c536e985f138fd3ea2ddfaf0270935a0ca16884149d7aee5b9fc9371599cc905645fb74502b8214261e28015ede2dc7f30218f7b269e85f803049b7f39531e36
SSDEEP

96:nEY2RrF1eqwi4XAufF+Aywx0TofswcFxIue3EjrYpCNyi1a:EHRh1eppwy30Fw7ujjryCYi1a

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28
PID 1468 wrote to memory of 1472	1468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59.dll,#1
  2⤵
  PID:1472

memory/1472-55-0x0000000074E61000-0x0000000074E63000-memory.dmp

Filesize
8KB

Download