974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 19:53

Target

974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16.dll
Size

46KB
MD5

f499743ad187ee4c1c7cc227c0ae274d
SHA1

115799e315684074f48a50bc16d8e65af064c6d9
SHA256

974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16
SHA512

fad34236e13487dc6494d59a74a1d5c43ce0899899eb4ee8119dd05b436c379fcd242c560d1819d819bf0ffdca0d47f9975bbd8bb249de5bb65546f5aa9bb27f
SSDEEP

768:GbvLDaaMact8TRf2Otog+rsU8fVaIL0wyY3LSEy5mtPDNXfuQPR0YRL2r9s:evNfHtogIP8fVank3SqZXfPR02ms

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28
PID 1956 wrote to memory of 2040	1956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16.dll,#1
  2⤵
  PID:2040

memory/2040-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download