37a96c5075f739506af888b6b844a3b56aa70bdca01c8ce8e08f0eb00fd8c910

Analysis

max time kernel
34s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 22:14

Target

plugins/xray_export.dll
Size

316KB
MD5

611bc973785a1fd9feb6aef8db1d4c7c
SHA1

2823207e3a12c66d666c72cadf59266bcf6c8fe5
SHA256

13046d4b6d823d8d079f68aaceda84b4fb6091ae7401f68795c73a5ef291aac4
SHA512

a02b486d5d4e3a2b16defc2ff4db3f12e05a7c84dc22f34a7ad00f1a3e9cad8b70ef5d88074ceb03cbc797cc2ee9476024b33c9660b4c90fbeaa3d608b461ca4
SSDEEP

3072:umqIUNpcV/s6qdgpXSbHN1KQCZA6f/pbOaLYaWcj8Du8XIoW7O3h5MZ6:5XU3cV/s6qdD7Cr1LP8DuszW7O3h1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28
PID 1780 wrote to memory of 2028	1780	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\xray_export.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\xray_export.dll,#1
  2⤵
  PID:2028

memory/2028-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download