da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5

Analysis

max time kernel
45s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 22:58

Target

eAPI.dll
Size

312KB
MD5

64aefef610718b294203ae2956254c01
SHA1

c8ef50708bec760f0f9683d21f9cdb3456298b0f
SHA256

d072e1f656b1eb28f392739aaa35d1c9d665c71b757c7f06115915d233fd639d
SHA512

11f6cb8fd4d4826a0b27922cdada2dd5179f9e927fb2303677684bfcf089b3a756cbcc0e3c6d9517e2daeb82880cc2af2fc27d0e30e171288c5fb6af26ec26df
SSDEEP

3072:QVBuza6k99TrJeRA3iO3iL24Qf5JQ3vWjWHpcE7x8rADTDA4W0kJPoFwfVGrFwQH:QVwza6E9TYqy9QB0OILXaVWwQ+5odS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 1364	2008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eAPI.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eAPI.dll,#1
  2⤵
  PID:1364

memory/1364-54-0x0000000000000000-mapping.dmp

Download
memory/1364-55-0x0000000076AE1000-0x0000000076AE3000-memory.dmp

Filesize
8KB

Download