b44b1b498d9984d1884fa87a3caa5d80a279df051c76caa444440066d61d2eb0

Analysis

max time kernel
45s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/01/2023, 14:26

Target

5e95d4d1f6b6398a9bd43714fb382f94.dll
Size

1.5MB
MD5

5e95d4d1f6b6398a9bd43714fb382f94
SHA1

54fbc4c4cede485fe27e271c6efb977602bb7ef1
SHA256

b44b1b498d9984d1884fa87a3caa5d80a279df051c76caa444440066d61d2eb0
SHA512

6a7ce1aa709f3d4800689089646d99300fae530350406a4af57dc41e863375ba8cb34d4dbb35ad63ef3efe5c9495d57a1a97b5704819204be41dc3c589c4d4fd
SSDEEP

24576:jQjG/xDWDzHifReGsBJ0N38Ggx/EBL2DNK4BHyrcse/nmxu8/epBw8Detx/t:jF6cRvs/0N38Ggx/EBLUK4fV/RUAw8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27
PID 1376 wrote to memory of 1720	1376	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e95d4d1f6b6398a9bd43714fb382f94.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e95d4d1f6b6398a9bd43714fb382f94.dll,#1
  2⤵
  PID:1720

memory/1720-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1720-56-0x0000000074910000-0x0000000074A9B000-memory.dmp

Filesize
1.5MB

Download
memory/1720-57-0x0000000074780000-0x000000007490B000-memory.dmp

Filesize
1.5MB

Download
memory/1720-58-0x0000000074910000-0x0000000074A9B000-memory.dmp

Filesize
1.5MB

Download
memory/1720-59-0x0000000001D90000-0x0000000001EE6000-memory.dmp

Filesize
1.3MB

Download
memory/1720-60-0x00000000001A0000-0x00000000001A4000-memory.dmp

Filesize
16KB

Download
memory/1720-61-0x0000000074910000-0x0000000074990000-memory.dmp

Filesize
512KB

Download
memory/1720-62-0x0000000001D90000-0x0000000001EE6000-memory.dmp

Filesize
1.3MB

Download