52f958f278100b7e98fe878cbb81f17b13a1f15a24fae05e18a559ab4df28136

Analysis

max time kernel
4s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 20:35

Target

52f958f278100b7e98fe878cbb81f17b13a1f15a24fae05e18a559ab4df28136.dll
Size

55KB
MD5

54b31f6cb52a0547fd06224422ca5580
SHA1

20ddcd6ef602856eb0b425f164eea96d63b2933c
SHA256

52f958f278100b7e98fe878cbb81f17b13a1f15a24fae05e18a559ab4df28136
SHA512

aef667225282f3085f0f83ff0c4f06adee5b9f5691f6e7ac837c61e88fa2326f9e4179263a07e4bcc05880521e31ab1e11602d8f144f3b40026a3c41b6d46508
SSDEEP

1536:q+gWgHmrDQN/EvllCwtxLVmyrEiQClgaeWaRWs527:IOgmvCORVvr59lveCww

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28
PID 1416 wrote to memory of 1360	1416	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52f958f278100b7e98fe878cbb81f17b13a1f15a24fae05e18a559ab4df28136.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52f958f278100b7e98fe878cbb81f17b13a1f15a24fae05e18a559ab4df28136.dll,#1
  2⤵
  PID:1360

memory/1360-55-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download