ca61d1da431279e3cda50ed1c8762bfb9a80768a635b96bdf26c5537b58b87ca

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 21:21

Target

ca61d1da431279e3cda50ed1c8762bfb9a80768a635b96bdf26c5537b58b87ca.dll
Size

33KB
MD5

52c48231383fd96c0c6333ed135ab78f
SHA1

a85940eac09b871681126998c3c2dc2f8b197299
SHA256

ca61d1da431279e3cda50ed1c8762bfb9a80768a635b96bdf26c5537b58b87ca
SHA512

5004def41f96b4983ab592f07ad5ea99037750d11e314855da34be92e5c874e666a4e09782d10c52c6528a4c228839ffcb319550e42db1a452f3c5e5d0e0e7a9
SSDEEP

768:pH4aBVqnqHBD4Sti108HmOSZdN4sbCaPUbPTBBQARQk7JvC:OKRXbCaPUbbBBQAR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28
PID 1384 wrote to memory of 1744	1384	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca61d1da431279e3cda50ed1c8762bfb9a80768a635b96bdf26c5537b58b87ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca61d1da431279e3cda50ed1c8762bfb9a80768a635b96bdf26c5537b58b87ca.dll,#1
  2⤵
  PID:1744

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download