7c47c65f1aa589c33355d80b1dc26625a313d71538ea966ea921a90db11193ef

Analysis

max time kernel
27s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 09:59

Target

QQ邮箱群发王1.0/ESPI.dll
Size

1.3MB
MD5

9fbb1e0bd621a5331b8dffb5d2989955
SHA1

0dc57f3c98cabd09f15ca7d4457e4c61a2c10ae7
SHA256

71a1b830c0265e8daa71f9ec6ac7875f34058c6b6c496061678192f109f162b0
SHA512

3b4f7f8df77bae2a3a2d4808ff33c5e2a3ca9b6bef5ae6ba7c779688ef10fb17b3ac9ef1d083e763247a0aa81eb7938c6e487e2941561ae0048f2e1347855a09
SSDEEP

24576:BgcA9GTCNJIj8wLXjS9mauEe2gqjKq+/lCPDvDmeAJMI//B9jztlpLUjEtiyb2gu:BjAUCvIj8wLXjS9mauEe2gqjKq+/lCPZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe
PID 1612 wrote to memory of 788	1612	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\QQ邮箱群发王1.0\ESPI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\QQ邮箱群发王1.0\ESPI.dll,#1
  2⤵
  PID:788

memory/788-54-0x0000000000000000-mapping.dmp

Download
memory/788-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download