da5d92ff30c798e147cb4497b0530d9efa3c5fcbd2899038bf41fc2cb58b9634

Analysis

max time kernel
57s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:49

Target

da5d92ff30c798e147cb4497b0530d9efa3c5fcbd2899038bf41fc2cb58b9634.dll
Size

242KB
MD5

dba7d72d3769721e0727ee72eff5fd2a
SHA1

71923f931d49b7de87ef927a3cf108652a2965bb
SHA256

da5d92ff30c798e147cb4497b0530d9efa3c5fcbd2899038bf41fc2cb58b9634
SHA512

749463da298e3b0c2f55d35b28b072cb8e5cb70c227e3d927c43425a4897428c9f59bc018f1fcd5bb85d06e5d3ad6e9bf1768ce8045e9d04cb09f953fc6860eb
SSDEEP

3072:goyxvfGCX2tMY/jgAg2qvCPdrqnS2zT4sPLc9Uq1ul5hrc:goQfL6MAgjbT4uc97j

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 268	772	rundll32.exe	28
PID 772 wrote to memory of 268	772	rundll32.exe	28
PID 772 wrote to memory of 268	772	rundll32.exe	28
PID 772 wrote to memory of 268	772	rundll32.exe	28
PID 772 wrote to memory of 268	772	rundll32.exe	28
PID 772 wrote to memory of 268	772	rundll32.exe	28
PID 772 wrote to memory of 268	772	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da5d92ff30c798e147cb4497b0530d9efa3c5fcbd2899038bf41fc2cb58b9634.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da5d92ff30c798e147cb4497b0530d9efa3c5fcbd2899038bf41fc2cb58b9634.dll,#1
  2⤵
  PID:268

memory/268-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/268-56-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download