b2d2c2a10938a4fede605a542b83c9fb68b8475e2acd56c038494e172f2d9094

Analysis

max time kernel
25s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24/11/2022, 06:08

Target

b2d2c2a10938a4fede605a542b83c9fb68b8475e2acd56c038494e172f2d9094.dll
Size

507KB
MD5

f90a6777cc3e0c3c410aae99630e2916
SHA1

2e319793bdc40d96a29466929578d02fedbd9c42
SHA256

b2d2c2a10938a4fede605a542b83c9fb68b8475e2acd56c038494e172f2d9094
SHA512

f61c11814517ab433d4a8b91c90b108393f457ca0f88c3c15625cab585c5fc5f66c731c764e7a990c94ed74718a7ae6707707da7aa5e84eea8e3a2e0708560ac
SSDEEP

6144:MErg5wexmBQn3Uam6egqBDkTC78b8PNG+OS1hp4rT4PckPdgx97uI93jAxEWv1gX:MiimB63Uam7o0yYNPhpuzkPdgxQgm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2d2c2a10938a4fede605a542b83c9fb68b8475e2acd56c038494e172f2d9094.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2d2c2a10938a4fede605a542b83c9fb68b8475e2acd56c038494e172f2d9094.dll,#1
  2⤵
  PID:2040

memory/2040-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download