021e9657a44646a4463289d673386cdcdc4cbe4515411d5a8f92318e7450bf7d

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 23:11

Target

021e9657a44646a4463289d673386cdcdc4cbe4515411d5a8f92318e7450bf7d.dll
Size

52KB
MD5

48535dbe43999076d54d1148ae8cfb27
SHA1

42ae7c509ddb0d1df68c5b3e051ed49d2bcbe26d
SHA256

021e9657a44646a4463289d673386cdcdc4cbe4515411d5a8f92318e7450bf7d
SHA512

d245b37cf5bf6a3bdb7993f3b02e6748c0b1df72d58c8bf27d90792df55e1b9a9f96603f6eb41c90df619540309114b04f5e94c6e447c66914ee2f02913e0206
SSDEEP

768:TbDHyISzDYRx7YX5sBMxnnkw1D44EVjTtsN5rerzGhrmLOkTEyDxNqqYTQW:TaRIRxkX5sC1ctjTtSry4KFguN5YTQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28
PID 828 wrote to memory of 1972	828	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\021e9657a44646a4463289d673386cdcdc4cbe4515411d5a8f92318e7450bf7d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\021e9657a44646a4463289d673386cdcdc4cbe4515411d5a8f92318e7450bf7d.dll,#1
  2⤵
  PID:1972

memory/1972-55-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download