b2a26a19676e5ab2d07c0de2d953728b99fed0146feebe4832201b9b043ebccd

Analysis

max time kernel
4s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 23:05

Target

b2a26a19676e5ab2d07c0de2d953728b99fed0146feebe4832201b9b043ebccd.dll
Size

11KB
MD5

f66f48b85efa71b98082e61e098d5c50
SHA1

f16289927c02c9a7e81145f12fa08d4699924794
SHA256

b2a26a19676e5ab2d07c0de2d953728b99fed0146feebe4832201b9b043ebccd
SHA512

9bf6a19bd283b4d5a48efb14a0f4cb2c9628ac51c2eca22d6a152a567abb79ca5dd953e87ea06f334ce7f6aaa3760acd7ce352ae581ed96d557b624107ea77ba
SSDEEP

192:Btra49/x/ABHrV0AA7MDeDsF3g8tfTPEfFzNc8kPdeeWdWqM:fmyZAHrV5WARg8tLPeyPWdW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28
PID 1324 wrote to memory of 1312	1324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2a26a19676e5ab2d07c0de2d953728b99fed0146feebe4832201b9b043ebccd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2a26a19676e5ab2d07c0de2d953728b99fed0146feebe4832201b9b043ebccd.dll,#1
  2⤵
  PID:1312

memory/1312-55-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download