ee4c06cd97d98d015bb5e7d8474fa5aea587052bd3debbcb6f1eb730598291cc

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 16:45

Target

ee4c06cd97d98d015bb5e7d8474fa5aea587052bd3debbcb6f1eb730598291cc.dll
Size

5KB
MD5

63112dc9c4aae95d9242978b7b710741
SHA1

c68639c341dbedced4f8bab2ab8e0c884b39acea
SHA256

ee4c06cd97d98d015bb5e7d8474fa5aea587052bd3debbcb6f1eb730598291cc
SHA512

3d780075aed3acf42dcd05313067b34c89e212905bb20698a62ad2a09545135414f17487158fb7045fa8c1d77fc6f8bdd4fe7c2e8f57ceed12ace8bac41a606d
SSDEEP

96:nEY2RrF1eqwi4FAnVQVlvPXH9IeVSmiv:EHRh1eppGYXXdRQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 1628	844	rundll32.exe	28
PID 844 wrote to memory of 1628	844	rundll32.exe	28
PID 844 wrote to memory of 1628	844	rundll32.exe	28
PID 844 wrote to memory of 1628	844	rundll32.exe	28
PID 844 wrote to memory of 1628	844	rundll32.exe	28
PID 844 wrote to memory of 1628	844	rundll32.exe	28
PID 844 wrote to memory of 1628	844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee4c06cd97d98d015bb5e7d8474fa5aea587052bd3debbcb6f1eb730598291cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee4c06cd97d98d015bb5e7d8474fa5aea587052bd3debbcb6f1eb730598291cc.dll,#1
  2⤵
  PID:1628

memory/1628-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download