a5ac844f9811a4c0a17601a53a94ce2312f5666b63c35310a64e51ab23ad2c62

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 08:36

Target

a5ac844f9811a4c0a17601a53a94ce2312f5666b63c35310a64e51ab23ad2c62.dll
Size

56KB
MD5

5871534cff529e3f42619e757fcdb00a
SHA1

111e042f0ce5e15342d7f470fd1bb01b9d190605
SHA256

a5ac844f9811a4c0a17601a53a94ce2312f5666b63c35310a64e51ab23ad2c62
SHA512

fbce54a161f88feb561e21c1dd0c3e42e7dbc706ec006705c4e31cb2e4903b12c56021d9b207bc23cdf36962868f1b52f31347d1437d2ba1357bb2e463d6cab7
SSDEEP

768:UE4jxzrUT7N7iApZxETq7MegE7Dlh0jEaeIiDAT6Knoc9p/Dd:zfpHETq3gESEahNocp

Score

1^/10

Suspicious behavior: EnumeratesProcesses 11 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26
PID 1364 wrote to memory of 1260	1364	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5ac844f9811a4c0a17601a53a94ce2312f5666b63c35310a64e51ab23ad2c62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5ac844f9811a4c0a17601a53a94ce2312f5666b63c35310a64e51ab23ad2c62.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260

memory/1260-54-0x0000000000000000-mapping.dmp

Download
memory/1260-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1260-56-0x0000000000160000-0x000000000016F000-memory.dmp

Filesize
60KB

Download