eed778bb8cda64046402416654bc33305a620df568b358e929d9510b5db3371e

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 01:47

Target

eed778bb8cda64046402416654bc33305a620df568b358e929d9510b5db3371e.dll
Size

6KB
MD5

76d58fb944dfa20666024c90d59eff70
SHA1

f0cb8f9d47b28c3f06f35ff199fa84c5af6ef109
SHA256

eed778bb8cda64046402416654bc33305a620df568b358e929d9510b5db3371e
SHA512

b7e837bed8f3212c3eb3ec43ec124a699564236dcdbdb607bdd3fb9e961850546fbacef8f65311f698df98eec615f829a79be31ce45c2ba6c81e45a2b6ca739c
SSDEEP

96:hyZxm/jmjhjvj3jcZGV4Ft8g/c2HimS69SZRi038kT:2M/SdjbgYWRC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28
PID 1980 wrote to memory of 940	1980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eed778bb8cda64046402416654bc33305a620df568b358e929d9510b5db3371e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eed778bb8cda64046402416654bc33305a620df568b358e929d9510b5db3371e.dll,#1
  2⤵
  PID:940

memory/940-54-0x0000000000000000-mapping.dmp

Download
memory/940-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download