22b31cd1193c4d01ec7518edfd57203ad37cf4e1a8be2cb663040ebf1619faf2

Analysis

max time kernel
38s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:59

Target

22b31cd1193c4d01ec7518edfd57203ad37cf4e1a8be2cb663040ebf1619faf2.dll
Size

63KB
MD5

f6aed471598244813d5cc14e860c1720
SHA1

6991ddb264b121044efd1b4cf1db7c97d1f322bd
SHA256

22b31cd1193c4d01ec7518edfd57203ad37cf4e1a8be2cb663040ebf1619faf2
SHA512

bc6e4392e4b7e4709c391c297a783d98958657baef67b6bb3fa6be63f5e8d1c07469d8ab48d786decb970ec23d694652b0c4d6222382145c009aa88c3aaff945
SSDEEP

1536:1zExMwCGQ2jJEfMafRDmbq/DVcKa246ixRyMv:1I+wCGvyfMqibmDVRa24Dbfv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28
PID 1008 wrote to memory of 1368	1008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b31cd1193c4d01ec7518edfd57203ad37cf4e1a8be2cb663040ebf1619faf2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b31cd1193c4d01ec7518edfd57203ad37cf4e1a8be2cb663040ebf1619faf2.dll,#1
  2⤵
  PID:1368

memory/1368-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download