5c4b73fe8499daedecf868e575a52f2b2f74dd8a6d28cc5982b6431afc6c0cf0

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-05-2023 10:36

Target

5c4b73fe8499daedecf868e575a52f2b2f74dd8a6d28cc5982b6431afc6c0cf0.dll
Size

220KB
MD5

4872683129661fd864550c170bc0aa41
SHA1

81fe36896f24087faeb603cc21570565a69e39c1
SHA256

5c4b73fe8499daedecf868e575a52f2b2f74dd8a6d28cc5982b6431afc6c0cf0
SHA512

198c112bf2cb98291d6d908d4cfd535b01675418545da6b166472f1bdfd694fd6bac7391b5021d2972e9610e28b77edc4b32ce61ebce37217ea9a0cc991335a7
SSDEEP

6144:tIIIIpzEtV8k+diK2+cEyecpAOGwvjECW:Lc8k+8KpfyFpMw7ECW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27
PID 1584 wrote to memory of 1524	1584	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c4b73fe8499daedecf868e575a52f2b2f74dd8a6d28cc5982b6431afc6c0cf0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c4b73fe8499daedecf868e575a52f2b2f74dd8a6d28cc5982b6431afc6c0cf0.dll,#1
  2⤵
  PID:1524