2e1ddbdaf0c3084d262fac0f7cc55c9cb37fa9591257e4cc874612a3f8796def

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 13:00

Target

2e1ddbdaf0c3084d262fac0f7cc55c9cb37fa9591257e4cc874612a3f8796def.dll
Size

3.5MB
MD5

da7b3e0b1860b7c78b78f0949f2b44a1
SHA1

ab278090305e5d1610105bef3612bc25af2711c8
SHA256

2e1ddbdaf0c3084d262fac0f7cc55c9cb37fa9591257e4cc874612a3f8796def
SHA512

d8239a2f81a394fff76a0e70ae29657605a221f08d66434bcc0734cf3b2dd61ee8576cdc44089e58bf285dce80a62c454c832249fa217d2dc19d6501155efc4f
SSDEEP

98304:nDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:nDqPe1Cxcxk3ZAEUadzR8yc4H

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27
PID 1048 wrote to memory of 540	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e1ddbdaf0c3084d262fac0f7cc55c9cb37fa9591257e4cc874612a3f8796def.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e1ddbdaf0c3084d262fac0f7cc55c9cb37fa9591257e4cc874612a3f8796def.dll,#1
  2⤵
  PID:540

memory/540-54-0x0000000000000000-mapping.dmp

Download
memory/540-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download