81ea9769e2dd0bf03d145dadb196ca13f484531f328280b6eed6610bd092dfcf

Analysis

max time kernel
43s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 02:14

Target

81ea9769e2dd0bf03d145dadb196ca13f484531f328280b6eed6610bd092dfcf.dll
Size

5KB
MD5

e19b34f0844837fab3e229d99214e270
SHA1

a75cf064b4fd49a73a0b2e30cea9a39460de2f72
SHA256

81ea9769e2dd0bf03d145dadb196ca13f484531f328280b6eed6610bd092dfcf
SHA512

b35ca7df9e2c4d54e4849f8869ea4854d0e28f414e03e735c684455fe3cf5afa2fe947158ec9d312b86661a1e6dd9899faf1886de0a835b570a91b064910cb62
SSDEEP

96:hy859x0P8MaHewxyJCa0GU5eyzP6HZa/f:F5oLdwCCa0GU5eyzPmZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\81ea9769e2dd0bf03d145dadb196ca13f484531f328280b6eed6610bd092dfcf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\81ea9769e2dd0bf03d145dadb196ca13f484531f328280b6eed6610bd092dfcf.dll,#1
  2⤵
  PID:1696

memory/1696-55-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download