5535626d6c8a947e3565b4e0253bbe59fd6e099631a6e022d8d83f57c8ad1fc7

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 20:41

Target

5535626d6c8a947e3565b4e0253bbe59fd6e099631a6e022d8d83f57c8ad1fc7.dll
Size

71KB
MD5

60d1e04981707e4b8c8978d92d260d10
SHA1

ee5d84f83597b358e374ffad1e592b2230413d67
SHA256

5535626d6c8a947e3565b4e0253bbe59fd6e099631a6e022d8d83f57c8ad1fc7
SHA512

1af306b5f1d4e5bdfaf0d7f97d146413c8acba43c24dd91f4aa58f733f365008a8e53eb47b79f395903713f99d339205687715dd5fa62320029a53e77529ec4d
SSDEEP

1536:1zExMwCGQ2jct3DxOzQSHCpF5G+F+NSeWJnxXQ7lr7z:1I+wCGvAtTxcEpF5G+IMv8r

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26
PID 1612 wrote to memory of 788	1612	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5535626d6c8a947e3565b4e0253bbe59fd6e099631a6e022d8d83f57c8ad1fc7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5535626d6c8a947e3565b4e0253bbe59fd6e099631a6e022d8d83f57c8ad1fc7.dll,#1
  2⤵
  PID:788

memory/788-54-0x0000000000000000-mapping.dmp

Download
memory/788-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download