7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 09:43

Target

7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll
Size

63KB
MD5

6cb368470f933e72c4c9f0cbc90de8e6
SHA1

aa45d56d643c862b6e30c1b6e76550ab05afb074
SHA256

7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6
SHA512

3aafc9af61d7af43c8091c6d6d9e12e93c5d5a87b1ea6314c45d0676d8413534e09ad2a541ccb3e3b6f5d1c787d4d542c8c9b4b847e95161b52d55bff1aec955
SSDEEP

1536:DVV1HTa30cRQlvmofjwLpPxFf0dbrxEobUZxyqPSwr:DVrW3xAvmZLpPx8ZxgyqDr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll,#1
  2⤵
  PID:1928

memory/1928-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download