3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189

Analysis

max time kernel
85s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 05:51

Target

3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189.dll
Size

32KB
MD5

7f1ef06dcca4faae53cbc99d139ebbe0
SHA1

fd7745b3eb99f46c3ff39293636308a120645a5f
SHA256

3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189
SHA512

f98f7d530c2e3c12265673210a375306d3e081a853294250793d39fa789b92e1207a4176ceedb707c32d4540c1fd0efc1a5fc8fe1e0701ea407af72d6319cb6d
SSDEEP

768:7qnOeTNYmNXW/t8/lo7tRypE5hqD5SROde:7qnOerUt8a7tRQakgROY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28
PID 1096 wrote to memory of 1484	1096	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189.dll,#1
  2⤵
  PID:1484

memory/1484-55-0x00000000763A1000-0x00000000763A3000-memory.dmp

Filesize
8KB

Download