ec2a9e07b4d0e4a18475eff3280108fcb7b293cd35d73d12d588ab59af90ed14

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 03:55

Target

ec2a9e07b4d0e4a18475eff3280108fcb7b293cd35d73d12d588ab59af90ed14.dll
Size

69KB
MD5

3f1c94b27ef3a416549bcfb401d9f660
SHA1

cdb2a9d1053546e477cf5807375388ac7dce229c
SHA256

ec2a9e07b4d0e4a18475eff3280108fcb7b293cd35d73d12d588ab59af90ed14
SHA512

4f23f1cc5cf427fb2d77846695ef14a7fe0349fbff5940876155cc93d351a966a565c5a510924d602af67bcf054b8f76292846efc9ba104c9c62e2d714644934
SSDEEP

1536:p+CZ8LwKKjTA+BfgkRflBDFEcfoo4Ll4656CYkYsEhufAQCBnu3:gXEDuutBDFEmoo4LlMkrEhufAQwu3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28
PID 1096 wrote to memory of 1808	1096	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec2a9e07b4d0e4a18475eff3280108fcb7b293cd35d73d12d588ab59af90ed14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec2a9e07b4d0e4a18475eff3280108fcb7b293cd35d73d12d588ab59af90ed14.dll,#1
  2⤵
  PID:1808

memory/1808-55-0x0000000075211000-0x0000000075213000-memory.dmp

Filesize
8KB

Download