a293f0fb5d1d498565d147939fa4c1363b8cf5423a69bb349c9a3816ed5b4fc7

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07-02-2023 09:51

Target

a293f0fb5d1d498565d147939fa4c1363b8cf5423a69bb349c9a3816ed5b4fc7.dll
Size

64KB
MD5

45964c93f91c83aa25f9789371a5af3d
SHA1

0454ed5daace505ca6c782356c61278612367c96
SHA256

a293f0fb5d1d498565d147939fa4c1363b8cf5423a69bb349c9a3816ed5b4fc7
SHA512

1706b462d6abb1179f9c4c32d9aced994e97185c99be226a6b121abc4b39f5e2b8be060f33ea73426fcf66776b32a13dd114d953128cbf4d4490402a72c4b3cb
SSDEEP

768:JenmBkhR25fPE6A/Lyy3siO6qVgmFj9o+pIhIU+3KXjDxoWGyIej:OmcR25ne/dN+17o/XjDxoWG0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28
PID 1168 wrote to memory of 1348	1168	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a293f0fb5d1d498565d147939fa4c1363b8cf5423a69bb349c9a3816ed5b4fc7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a293f0fb5d1d498565d147939fa4c1363b8cf5423a69bb349c9a3816ed5b4fc7.dll,#1
  2⤵
  PID:1348

memory/1348-55-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download