ef0a192d784916154a76d5f5b8f42beca629d3f3be1f9b2636ef9d01668342e5

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 04:25

Target

ef0a192d784916154a76d5f5b8f42beca629d3f3be1f9b2636ef9d01668342e5.dll
Size

60KB
MD5

6095816d6eb1bb8529c323a28432e1d7
SHA1

8a0c4a5585d99f2364d29c35dd0f29a1797d8b7d
SHA256

ef0a192d784916154a76d5f5b8f42beca629d3f3be1f9b2636ef9d01668342e5
SHA512

5227165cdc99909d51c0b9eb1503055c7b1d429844178adb3ad1b108b77b2a0757117d2ddfdeda0bb80d12fd1dbe8d3d29c04b3c28ae5d5d24781773aeacc15a
SSDEEP

768:obY4lUdn3EetCHZB662aXl/+dY8wEYtNPFNNebVLboP1UqhjDsuwMHNyeHHu3:JGEnUgCHb6qAN/UNPTNaLbjoN83

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27
PID 1324 wrote to memory of 1808	1324	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef0a192d784916154a76d5f5b8f42beca629d3f3be1f9b2636ef9d01668342e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef0a192d784916154a76d5f5b8f42beca629d3f3be1f9b2636ef9d01668342e5.dll,#1
  2⤵
  PID:1808

memory/1808-55-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download