78056deb150f0cde98be7d9fd8a363727e3c5d2a0cc37276f36c4a7376281cf7

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:32

Target

78056deb150f0cde98be7d9fd8a363727e3c5d2a0cc37276f36c4a7376281cf7.dll
Size

6KB
MD5

e9df324e379bebbd5871404b09cd1fa0
SHA1

dbf05d8d5c0cb9823287721a93d3254321075326
SHA256

78056deb150f0cde98be7d9fd8a363727e3c5d2a0cc37276f36c4a7376281cf7
SHA512

84c4e47d6e7fb5e1b0b3dc85d5a34d62869e69802a54a7c20d731faad81219ea311758710523a040fdea617504ca17478a5b1ce1eba350f09b57d916a90addee
SSDEEP

96:DixZjmjtjd8jPjcZGR5TId/CAisBh3nvWdPAet:unSR6bgYi/CDsBVnvWdPAet

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27
PID 1760 wrote to memory of 1252	1760	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78056deb150f0cde98be7d9fd8a363727e3c5d2a0cc37276f36c4a7376281cf7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78056deb150f0cde98be7d9fd8a363727e3c5d2a0cc37276f36c4a7376281cf7.dll,#1
  2⤵
  PID:1252

memory/1252-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download