1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:40

Target

1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll
Size

6KB
MD5

c30c325fa9c5088e6d28f5985fb68b20
SHA1

eac770442b3b97c577b0ab6f3f43c2735a6cf394
SHA256

1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a
SHA512

120e05eb3e2b952bc5192df519c789cd2cdca58ee544b8fb0d86356ab90c15ebba1bbe4a6ccfc2c1ead223df12b4be2a1abbffac149aa484261d370f7893b4d9
SSDEEP

192:EHRh1eppBh8QyYsvzi38GzP2U8EbNmKFZmsAasLux:EHROXhz9svu38Gz2U8EbNmKFZmsAasLY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27
PID 1768 wrote to memory of 1112	1768	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll,#1
  2⤵
  PID:1112

memory/1112-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download