e28dd76617f4215d8f6b823740a4bd9b3153e1c4157a4fa14380cf3450abf4e7

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 17:20

Target

e28dd76617f4215d8f6b823740a4bd9b3153e1c4157a4fa14380cf3450abf4e7.dll
Size

265KB
MD5

1928ef5b9aff36d7b715fa0b982d91a0
SHA1

6ad0c57c30b2bfa687d4887f8ee8f3a3cdace1c1
SHA256

e28dd76617f4215d8f6b823740a4bd9b3153e1c4157a4fa14380cf3450abf4e7
SHA512

402e362ad8cd5f7cae7be45c1e308885cb9854d7a26e37d84cd18fbabd33db394bdf6d02126bf85045e26a391ff6b7f4eb8467a59a861deb2323bfd8de4c9d43
SSDEEP

3072:CJ251bkWa9n8AXbQUAUcvofQjbU3KTBftb/ehPKQvu:CJ251bkWaN8AXbQUkvQIbU3KTBlbW1G

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26
PID 1256 wrote to memory of 1356	1256	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e28dd76617f4215d8f6b823740a4bd9b3153e1c4157a4fa14380cf3450abf4e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e28dd76617f4215d8f6b823740a4bd9b3153e1c4157a4fa14380cf3450abf4e7.dll,#1
  2⤵
  PID:1356

memory/1356-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download