efad0b392e613ec7f74a64b4447f1ce6dfb8939831c7270df0ef2ff9d967501a

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 07:24

Target

efad0b392e613ec7f74a64b4447f1ce6dfb8939831c7270df0ef2ff9d967501a.dll
Size

10KB
MD5

67cd3094a762a4c6c5f2cc0eb2190425
SHA1

d00b3783c76130c0032b4daec42e58b21693bdff
SHA256

efad0b392e613ec7f74a64b4447f1ce6dfb8939831c7270df0ef2ff9d967501a
SHA512

26923dd7f48c5d8c071b8b86380c6b55fce51b8950fab86e179fbd7b389f215918c63d079dc4a2b0414705cf06a41db818aed8b45037883bb0a669350458f192
SSDEEP

192:41mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o92b:48jhdHad/z20IyFWakC84dWaWak8cdWj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26
PID 1452 wrote to memory of 532	1452	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\efad0b392e613ec7f74a64b4447f1ce6dfb8939831c7270df0ef2ff9d967501a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\efad0b392e613ec7f74a64b4447f1ce6dfb8939831c7270df0ef2ff9d967501a.dll,#1
  2⤵
  PID:532

memory/532-55-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download
memory/532-56-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download