31593aee87a12b1d7ec104f2a5e4f029b4c28ccf6393540f147442fe3a87c51a

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:05

Target

31593aee87a12b1d7ec104f2a5e4f029b4c28ccf6393540f147442fe3a87c51a.dll
Size

4KB
MD5

22bbfb3b639eb53d773ebd852962c250
SHA1

803770defb6c0c864995e86f84aea24ccb1b2d50
SHA256

31593aee87a12b1d7ec104f2a5e4f029b4c28ccf6393540f147442fe3a87c51a
SHA512

f44aa25d471e91885e5e0ea24a6f536fbd97ba5370f76aa77bd70948597c4439f51535c1fffe4deb28d33b560d03929209800712adb9b2d0409dd1180f389e55
SSDEEP

96:TRphMzf8zCgAWzymZal8k8NvW6UD05IvO6:NpOr8zCgZym0bzDZvn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28
PID 1948 wrote to memory of 1116	1948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31593aee87a12b1d7ec104f2a5e4f029b4c28ccf6393540f147442fe3a87c51a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31593aee87a12b1d7ec104f2a5e4f029b4c28ccf6393540f147442fe3a87c51a.dll,#1
  2⤵
  PID:1116

memory/1116-55-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download