e259a3f5c4fa7b96f75cf36a066734cec0d1bf1b6800dad70638a078c96fadc9

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:56

Target

e259a3f5c4fa7b96f75cf36a066734cec0d1bf1b6800dad70638a078c96fadc9.dll
Size

54KB
MD5

68e0a28682dc80f73cace3ac420d7f50
SHA1

92c62e18bc6572f5446344dfafca73dd98c083b1
SHA256

e259a3f5c4fa7b96f75cf36a066734cec0d1bf1b6800dad70638a078c96fadc9
SHA512

bbe70bc4d02e35a2325f21465c79d0901fbc6ad1ea7ebbd0353ac69c44e869b59a8a9a9044846a4a3ec8bb99a23819d3b0d0dc6f52966861f1a1a9ca18d28988
SSDEEP

1536:ob8Vwn/yHXr9CR8xpf0U51nTvoo90XJAt:oz/y3rsSzfTrnTNyAt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27
PID 1716 wrote to memory of 1220	1716	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e259a3f5c4fa7b96f75cf36a066734cec0d1bf1b6800dad70638a078c96fadc9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e259a3f5c4fa7b96f75cf36a066734cec0d1bf1b6800dad70638a078c96fadc9.dll,#1
  2⤵
  PID:1220

memory/1220-55-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download