4a556fd979b39ae49ce6f6fadb2ea0d372c113d808a5ea712c8edfae2f27beb1

Analysis

max time kernel
18s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:26

Target

4a556fd979b39ae49ce6f6fadb2ea0d372c113d808a5ea712c8edfae2f27beb1.dll
Size

6KB
MD5

390faad79ad5f3af772817f74bb174d0
SHA1

83c027d976e33848c935d951113b69c050042f5a
SHA256

4a556fd979b39ae49ce6f6fadb2ea0d372c113d808a5ea712c8edfae2f27beb1
SHA512

b8c1ce7cc2d5975f0ab5fa75ff9d0b5f3bf27488d800582d8927fe194ff52c07075ceed27c0ede4d7b3e0daef4471cccd2fb8348110a68c84b48b0b80d5e9f12
SSDEEP

96:nEY2RrF1eqwi4yim48gbA6I9jh3QtHmLokscYzeCnl:EHRh1eppC4ZhujhimLokCl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 1900	892	rundll32.exe	27
PID 892 wrote to memory of 1900	892	rundll32.exe	27
PID 892 wrote to memory of 1900	892	rundll32.exe	27
PID 892 wrote to memory of 1900	892	rundll32.exe	27
PID 892 wrote to memory of 1900	892	rundll32.exe	27
PID 892 wrote to memory of 1900	892	rundll32.exe	27
PID 892 wrote to memory of 1900	892	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a556fd979b39ae49ce6f6fadb2ea0d372c113d808a5ea712c8edfae2f27beb1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a556fd979b39ae49ce6f6fadb2ea0d372c113d808a5ea712c8edfae2f27beb1.dll,#1
  2⤵
  PID:1900

memory/1900-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download