2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e

Analysis

max time kernel
46s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 21:50

Target

2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e.dll
Size

56KB
MD5

5f0dafdc2267c180096ee4f5c880a9b5
SHA1

f6e1b3c946af9c1a87180a88921d7d5e56d46102
SHA256

2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e
SHA512

6349dfb12571b27147fe8426f00f9b8cc1d2ada87dacaca56dec905b7b6a51ca6cce2692ca90405547789f2a5cd5c22f372443a299351a792c5cabcb5b305464
SSDEEP

768:u1CcrzeYsr836EH/CalRiNDqBvhmZZyiwjb:CCSCopqJNDqBoZZypj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27
PID 1912 wrote to memory of 2016	1912	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e.dll,#1
  2⤵
  PID:2016

memory/2016-55-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download