5062601aeac544d930ce3e6ff829df72b30c4cc181b2e3af9bdaadc113f2d807

Analysis

max time kernel
10s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:31

Target

5062601aeac544d930ce3e6ff829df72b30c4cc181b2e3af9bdaadc113f2d807.dll
Size

6KB
MD5

4d874aba4acc5f9c2a4509af4a5e5370
SHA1

a16d510c55dfd7d9f65b25f503adf365abc21ef6
SHA256

5062601aeac544d930ce3e6ff829df72b30c4cc181b2e3af9bdaadc113f2d807
SHA512

042d8638612ff41e4ae5fa3fbad821e282e3fbe8cf8d3e1e48c8a7f5db6397b10a5b0065df076df85b5291a3ec4e7cb3b316568b4c94f45156a2bc1e79ac8c50
SSDEEP

96:z0QR9B6BvAwbYlgK6ZuZ4ZVGYzZAX2cZUOvL:JR94/bY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 932	1476	rundll32.exe	28
PID 1476 wrote to memory of 932	1476	rundll32.exe	28
PID 1476 wrote to memory of 932	1476	rundll32.exe	28
PID 1476 wrote to memory of 932	1476	rundll32.exe	28
PID 1476 wrote to memory of 932	1476	rundll32.exe	28
PID 1476 wrote to memory of 932	1476	rundll32.exe	28
PID 1476 wrote to memory of 932	1476	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5062601aeac544d930ce3e6ff829df72b30c4cc181b2e3af9bdaadc113f2d807.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5062601aeac544d930ce3e6ff829df72b30c4cc181b2e3af9bdaadc113f2d807.dll,#1
  2⤵
  PID:932

memory/932-54-0x0000000000000000-mapping.dmp

Download
memory/932-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download