c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 20:22

Target

c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900.dll
Size

90KB
MD5

aa88f6baf99ac45ca2f82e05309fd023
SHA1

074f27345f76000d07267adfdd102d2e86308c85
SHA256

c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900
SHA512

3e613632ca195f0334388bf545b4c8c7ae45875fa7708c8bf3b2737cae755567859d497856b94e1298e08859536a11389eb060852f85f073762f187046d24d1c
SSDEEP

1536:l/+avA1/IW9SVcCgBFyWfu76B2i71bHjFvRKm2dJq:lPA9IWMWDFfu+BD71bHjOq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900.dll,#1
  2⤵
  PID:872

memory/872-55-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

Filesize
8KB

Download