200c582938ead19e329933a0597156bedc9e24f6207ccf3be8e7a0e659301fdc

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 06:19

Target

200c582938ead19e329933a0597156bedc9e24f6207ccf3be8e7a0e659301fdc.dll
Size

56KB
MD5

e2c0e78a980ea5cc8fdc73f88b1cf020
SHA1

677f1553ed0d5345a29b50d9db25346501cf86f2
SHA256

200c582938ead19e329933a0597156bedc9e24f6207ccf3be8e7a0e659301fdc
SHA512

80ce770f6e72863ea4323bb920623b10d30b7203474b44d0c9093135178b7b5a0de666efb5a0254115f52d11e819f677c7d2f3d4f90a51235ffdc0933570b5a0
SSDEEP

768:9xBtKtqyLUucc7KeGM2ft4i4NqEED3C6nQd/+kylJRQnx39jBUc:9+2ftwI55nO/z0onPBR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27
PID 1328 wrote to memory of 1196	1328	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\200c582938ead19e329933a0597156bedc9e24f6207ccf3be8e7a0e659301fdc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\200c582938ead19e329933a0597156bedc9e24f6207ccf3be8e7a0e659301fdc.dll,#1
  2⤵
  PID:1196

memory/1196-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download