f2a29c734d12995de9bf6872cf9a004b1478847500f74eed5a64fa04791f5b21

Analysis

max time kernel
22s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 22:56

Target

f2a29c734d12995de9bf6872cf9a004b1478847500f74eed5a64fa04791f5b21.dll
Size

233KB
MD5

c7093508202a8f9f15df92980fb867a0
SHA1

0e258cacb2a80f7333b7c1d8d03f2542e7cddc2e
SHA256

f2a29c734d12995de9bf6872cf9a004b1478847500f74eed5a64fa04791f5b21
SHA512

9f53ba6e868299b6358d28f4c33d32a240f64dec3b5596b27af7fced958434dec290d8048a2a25f04a93cceeca4493975079d031d8dcc3dbdbae44fff730018e
SSDEEP

3072:OnMoFkOKCg3CXmSSZlzzeBTg4vRPo5NNFs+XNtUU/chmcFTulOVq5pN8APbOox25:OMJOWK4l9wqOVq1zPbO02G4tl5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 944	1220	rundll32.exe	27
PID 1220 wrote to memory of 944	1220	rundll32.exe	27
PID 1220 wrote to memory of 944	1220	rundll32.exe	27
PID 1220 wrote to memory of 944	1220	rundll32.exe	27
PID 1220 wrote to memory of 944	1220	rundll32.exe	27
PID 1220 wrote to memory of 944	1220	rundll32.exe	27
PID 1220 wrote to memory of 944	1220	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2a29c734d12995de9bf6872cf9a004b1478847500f74eed5a64fa04791f5b21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2a29c734d12995de9bf6872cf9a004b1478847500f74eed5a64fa04791f5b21.dll,#1
  2⤵
  PID:944

memory/944-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/944-56-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download