a2d92ee201926d7b099d0f61acd00c36db9c5481c5eb9564ee6945f09e710ee8

Analysis

max time kernel
45s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 09:56

Target

a2d92ee201926d7b099d0f61acd00c36db9c5481c5eb9564ee6945f09e710ee8.dll
Size

6KB
MD5

766a449221ac9c87180fe8604cf2c0c3
SHA1

e3ce5efc06bf149f89d9303d9de2d6912bbb0d59
SHA256

a2d92ee201926d7b099d0f61acd00c36db9c5481c5eb9564ee6945f09e710ee8
SHA512

07ff21315cbafad7d67afe0c935da5f98eddbcc2f9c0f03dc2bbe63169a387099faa7716d7e067e79a46db251b5427598e4e90b22e84c6729efae2999a48f61a
SSDEEP

96:z0QR9B6BvAwbP84cOjo6veYBQ7tX19APsiMkePwsNKQ:JR94/bUEjoLYeHOsGePwsNK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2d92ee201926d7b099d0f61acd00c36db9c5481c5eb9564ee6945f09e710ee8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2d92ee201926d7b099d0f61acd00c36db9c5481c5eb9564ee6945f09e710ee8.dll,#1
  2⤵
  PID:1356

memory/1356-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download