a0d94b87da7078925c79ae8840e29234f54727ef5ed9e7f4dc784eeea69985ff

Analysis

max time kernel
15s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 21:18

Target

a0d94b87da7078925c79ae8840e29234f54727ef5ed9e7f4dc784eeea69985ff.dll
Size

20KB
MD5

e68b112882c7c39b54265c06a12a42c7
SHA1

0476463b5f96a42a34a68d468880912c8e89551d
SHA256

a0d94b87da7078925c79ae8840e29234f54727ef5ed9e7f4dc784eeea69985ff
SHA512

e8860d7ea114e2b8f0706a233dde8270c9bf58f291acb2b337155b12ecdc57b24e7627882fb6fd61ab9c1ab39018f95f4bdac7943170411efbb7cc53313dc239
SSDEEP

384:f/Q4j4v8AGsLHJoCXSawizF68Dzd710VqU03EDtISghDxW+vEp:f/QKQ8AGsDJoCXJF68DAVqYDiSd+vEp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 604 wrote to memory of 1192	604	rundll32.exe	28
PID 604 wrote to memory of 1192	604	rundll32.exe	28
PID 604 wrote to memory of 1192	604	rundll32.exe	28
PID 604 wrote to memory of 1192	604	rundll32.exe	28
PID 604 wrote to memory of 1192	604	rundll32.exe	28
PID 604 wrote to memory of 1192	604	rundll32.exe	28
PID 604 wrote to memory of 1192	604	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0d94b87da7078925c79ae8840e29234f54727ef5ed9e7f4dc784eeea69985ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0d94b87da7078925c79ae8840e29234f54727ef5ed9e7f4dc784eeea69985ff.dll,#1
  2⤵
  PID:1192

memory/1192-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download