7f491afa07f20494db77674d623deb6d31c01d1e6c020a95ccafe2c9dfd725fc

Analysis

max time kernel
3s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 20:41

Target

7f491afa07f20494db77674d623deb6d31c01d1e6c020a95ccafe2c9dfd725fc.dll
Size

63KB
MD5

5fb43811914173056b85bda9a66df8c0
SHA1

8d3234aa3fb84c30d0561dbb0f593d8fff10ea74
SHA256

7f491afa07f20494db77674d623deb6d31c01d1e6c020a95ccafe2c9dfd725fc
SHA512

a2fe2dddb13e5cdc919bfaedff1bb109f02241cadd89e89f7976bba5996b81716240aea4ff298dc5048c34dc8e82cf1c635440b3711f6f253fa811cc893ad144
SSDEEP

1536:1zExMwCGQ2j4Nf6nXA3QtPX2wMc+JzUP0lWij0O:1I+wCGvCfGA3QD9+RUMlJ7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28
PID 1796 wrote to memory of 1552	1796	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f491afa07f20494db77674d623deb6d31c01d1e6c020a95ccafe2c9dfd725fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f491afa07f20494db77674d623deb6d31c01d1e6c020a95ccafe2c9dfd725fc.dll,#1
  2⤵
  PID:1552

memory/1552-54-0x0000000000000000-mapping.dmp

Download
memory/1552-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download