2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2

Analysis

max time kernel
31s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:06

Target

2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2.dll
Size

28KB
MD5

bc670ecaa216bfdc1abce3745cde34e0
SHA1

7582f19eebb3fce5beb7490c348f4fa2410b94e6
SHA256

2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2
SHA512

75f97717b1d196bec7f89103b9ad41fa04d1255694de8d0475e33be270a54f461c86671fe5c9ffd2f038ef7e617b5499fa251d9337942b9e4a826efad17814b2
SSDEEP

384:KiW2/S8CHPw7Im5ajszMY/7mjA3/OpUP/lfe:0b8IO/u6/O+P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26
PID 1388 wrote to memory of 1536	1388	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2.dll,#1
  2⤵
  PID:1536

memory/1536-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download