5db94c1cd84d8a300f4da0a9cf46ec0907d6eea138e0017184a7a9950fb0624e

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 20:34

Target

5db94c1cd84d8a300f4da0a9cf46ec0907d6eea138e0017184a7a9950fb0624e.dll
Size

71KB
MD5

71431bdb68b291478779cb596fc27340
SHA1

bfda0e7fc4754041e2279246512a4b5600ae7e28
SHA256

5db94c1cd84d8a300f4da0a9cf46ec0907d6eea138e0017184a7a9950fb0624e
SHA512

0a22458aa943141768335725e58d118bffd8706c1d001e5a3de81abb568f3aff659032a3fe1174988c74a5fcce70487d065dbe04ef99dcf0406b6725a7d5d87c
SSDEEP

1536:jZIcCxRRuJzYR8EpmjP/yYMXLDITKBCu2a5/rTtfvi0f7gDI:x+TCMPpMP/2fPZ2CX1vi07h

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26
PID 1056 wrote to memory of 2028	1056	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db94c1cd84d8a300f4da0a9cf46ec0907d6eea138e0017184a7a9950fb0624e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db94c1cd84d8a300f4da0a9cf46ec0907d6eea138e0017184a7a9950fb0624e.dll,#1
  2⤵
  PID:2028

memory/2028-54-0x0000000000000000-mapping.dmp

Download
memory/2028-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download