687e818f6301f054f822454fab056b331b1c0f1626b4e47e27942f982c7db972

Analysis

max time kernel
41s
max time network
51s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 12:36

Target

687e818f6301f054f822454fab056b331b1c0f1626b4e47e27942f982c7db972.dll
Size

29KB
MD5

08e640914302e6587bb7036541146d50
SHA1

e5ea6e92c1d13da6c7232556e12c986de80b8cea
SHA256

687e818f6301f054f822454fab056b331b1c0f1626b4e47e27942f982c7db972
SHA512

a239388768b88f952b103f44ca5b566b053bbdc9b4dc7854bfdcb1c631091689e3edc016f92f09b81e5f24b1a97e3ec514cf3930c524cfc87a4e4d7d2ecf77ab
SSDEEP

768:vBaLxv5KPsZuHof2RrMGB1Wh0NAQh2hHz32zzsMASZcLU:5aCPo+WSnwhT36ASaU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\687e818f6301f054f822454fab056b331b1c0f1626b4e47e27942f982c7db972.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\687e818f6301f054f822454fab056b331b1c0f1626b4e47e27942f982c7db972.dll,#1
  2⤵
  PID:1376

memory/1376-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download