e138aab03b96b61cc77f1b5330372c8d9dd97872d2955eb16bcb5eb942b7e226

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/09/2022, 20:18

Target

e138aab03b96b61cc77f1b5330372c8d9dd97872d2955eb16bcb5eb942b7e226.dll
Size

211KB
MD5

0812cff728905cfc0c57d6dcb23f71a5
SHA1

b3819e9184e9faa97eca73a433b70ca771003948
SHA256

e138aab03b96b61cc77f1b5330372c8d9dd97872d2955eb16bcb5eb942b7e226
SHA512

fd386ef3eb75d5e87f476e24df0271683b61160688fc68112d30e553e84441ac4caae6a74e7524dbf8efb3b19795095cd9228911c9c1a6814754804c7a5c5840
SSDEEP

6144:jE3vt8VkomMsQs66Kj0TfyVbZFhIdloSsUv2:4GV2MsQs66A0TfybFiPoSbv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 1992	456	rundll32.exe	28
PID 456 wrote to memory of 1992	456	rundll32.exe	28
PID 456 wrote to memory of 1992	456	rundll32.exe	28
PID 456 wrote to memory of 1992	456	rundll32.exe	28
PID 456 wrote to memory of 1992	456	rundll32.exe	28
PID 456 wrote to memory of 1992	456	rundll32.exe	28
PID 456 wrote to memory of 1992	456	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e138aab03b96b61cc77f1b5330372c8d9dd97872d2955eb16bcb5eb942b7e226.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e138aab03b96b61cc77f1b5330372c8d9dd97872d2955eb16bcb5eb942b7e226.dll,#1
  2⤵
  PID:1992

memory/1992-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/1992-56-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download