2d1e4060c8c1b01b9d5eb9266545f04653466074a610cd8c3e592225d116695e

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 04:16

Target

2d1e4060c8c1b01b9d5eb9266545f04653466074a610cd8c3e592225d116695e.dll
Size

75KB
MD5

4336818d05585aa74dd0d3704acdb416
SHA1

86fb068fd60e1c4b002fcf2b7d3dad70a2ffdcb1
SHA256

2d1e4060c8c1b01b9d5eb9266545f04653466074a610cd8c3e592225d116695e
SHA512

d129c443d2bfd45cdd35b02ec753f21ba1d2cb06326c630793dee09f54fc214114a49ec57dd6fccf9a13888e5f3540162c7aa573359dc59687da91277a3cb47e
SSDEEP

1536:SAVJ0mWeB/iU9OXIKkHmWZQMfApdxaF5nw7qa/RY0PksLI:zJ0mW8/iz4tHmWWOApdxaFVfayuI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d1e4060c8c1b01b9d5eb9266545f04653466074a610cd8c3e592225d116695e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d1e4060c8c1b01b9d5eb9266545f04653466074a610cd8c3e592225d116695e.dll,#1
  2⤵
  PID:304

memory/304-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download