e7f5d0e38e442f02b2e648105582735f418bc6e0d7041621801270810edb4c52

Analysis

max time kernel
45s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 21:52

Target

e7f5d0e38e442f02b2e648105582735f418bc6e0d7041621801270810edb4c52.dll
Size

42KB
MD5

555a4811328d995a8446479cfb5c17cc
SHA1

97448813fe8d1472481509fe29a599a5abd1fd11
SHA256

e7f5d0e38e442f02b2e648105582735f418bc6e0d7041621801270810edb4c52
SHA512

a2194666333ecd7b5a8ac66ad91721fed39db57ff0ae37e6044e46b79fdc08e744814535439fdd918651e7161e9c977b108e03cd717198054d2914ab53b2e5fa
SSDEEP

768:KIbu3+a5Z32RkdGie1Ynxw0LXxbPa7K5mUZKjVpNSn0yQ721o9m:HS32Rk37w6XxbC7Amlh8rgIo4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28
PID 1004 wrote to memory of 1144	1004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7f5d0e38e442f02b2e648105582735f418bc6e0d7041621801270810edb4c52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7f5d0e38e442f02b2e648105582735f418bc6e0d7041621801270810edb4c52.dll,#1
  2⤵
  PID:1144

memory/1144-55-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download
memory/1144-56-0x0000000001DD0000-0x0000000001EA6000-memory.dmp

Filesize
856KB

Download