52e8a53750e73da596209e352e37192fd1fd963349bfa8c2bf4533a051ca2229

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-12-2022 13:55

Target

52e8a53750e73da596209e352e37192fd1fd963349bfa8c2bf4533a051ca2229.dll
Size

268KB
MD5

20ada446e9adbe9fbd87663085b0a887
SHA1

904318d0dbce74033be04508e4ce91e497b3f676
SHA256

52e8a53750e73da596209e352e37192fd1fd963349bfa8c2bf4533a051ca2229
SHA512

cb805775906e112b646acb59a3493a5be495d81c2896f73e8cd79b49472d13837fd3d2af39e6c4507473614bd0f195275166c8e2d1584e9693175c10d35444fc
SSDEEP

6144:0vpYuzbiNpNvCQNbJmjrhAMKfOL0OdxA3LvpYuzbiNpNvCQNbJmjrhAMKfOb:Cfzbi9vD+FKf40i09fzbi9vD+FKfU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28
PID 1912 wrote to memory of 1896	1912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52e8a53750e73da596209e352e37192fd1fd963349bfa8c2bf4533a051ca2229.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52e8a53750e73da596209e352e37192fd1fd963349bfa8c2bf4533a051ca2229.dll,#1
  2⤵
  PID:1896

memory/1896-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download