a5777e2c64e9fda09264205aa406743f2e9a2533f89b01558ff6cf10dfa9a9c6

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:11

Target

a5777e2c64e9fda09264205aa406743f2e9a2533f89b01558ff6cf10dfa9a9c6.dll
Size

4KB
MD5

093219bc3d1396d5c4282cfcf8b6d940
SHA1

2b8e46beaceb961bf178207943f5cd585b266bd7
SHA256

a5777e2c64e9fda09264205aa406743f2e9a2533f89b01558ff6cf10dfa9a9c6
SHA512

204573f0ff017c932a9599acb350a1f0a49bcd343bb72b7d5c382fe3c014762103e9ed6871d2a1ddef53179d621ca552f341f15b66d8e220dbb9899ff77342a2
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKCaCk+NYILRSB:PT3r2vu9jruHB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 1620	364	rundll32.exe	26
PID 364 wrote to memory of 1620	364	rundll32.exe	26
PID 364 wrote to memory of 1620	364	rundll32.exe	26
PID 364 wrote to memory of 1620	364	rundll32.exe	26
PID 364 wrote to memory of 1620	364	rundll32.exe	26
PID 364 wrote to memory of 1620	364	rundll32.exe	26
PID 364 wrote to memory of 1620	364	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5777e2c64e9fda09264205aa406743f2e9a2533f89b01558ff6cf10dfa9a9c6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5777e2c64e9fda09264205aa406743f2e9a2533f89b01558ff6cf10dfa9a9c6.dll,#1
  2⤵
  PID:1620

memory/1620-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download