ba4dd6acf25dfa932ad5fe351121eff53a8ac07d429fc808335eb9b957a537fa

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 18:04

Target

ba4dd6acf25dfa932ad5fe351121eff53a8ac07d429fc808335eb9b957a537fa.dll
Size

101KB
MD5

b5c30e6d6356457eefa1e4938dfacb6d
SHA1

594f2cd7d28768f8e47c9446eb7b6842a8cb0c81
SHA256

ba4dd6acf25dfa932ad5fe351121eff53a8ac07d429fc808335eb9b957a537fa
SHA512

5e3945f2546a07a34c0d17a432c0dea97e64856be515dc7301e14a3d6268d534095a50762ef72e7486b16881f437d8a4f33d11f9187d6cddd9d111832ea5d0ef
SSDEEP

3072:YtN8zjDMjdB5VbmSyEAgP6fA6JJhqd6dbRA:ENmDYBDmSyEoJJhRl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27
PID 1492 wrote to memory of 1124	1492	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba4dd6acf25dfa932ad5fe351121eff53a8ac07d429fc808335eb9b957a537fa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba4dd6acf25dfa932ad5fe351121eff53a8ac07d429fc808335eb9b957a537fa.dll,#1
  2⤵
  PID:1124

memory/1124-54-0x0000000000000000-mapping.dmp

Download
memory/1124-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1124-56-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download