ed8e5539ee05b8dc48f507252d125a97ee84a98f90f63d5299de3849e9cd0059

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:44

Target

ed8e5539ee05b8dc48f507252d125a97ee84a98f90f63d5299de3849e9cd0059.dll
Size

5KB
MD5

91d467f81cbc2dd62a24be0b27ba63c0
SHA1

48f054650ff9cc2b1e2bc9cfc2c741a151b9adfd
SHA256

ed8e5539ee05b8dc48f507252d125a97ee84a98f90f63d5299de3849e9cd0059
SHA512

f501c77bbffce164416ff03e8b3dad4783b6abac94415bcae345cc66e0b784e56f7a219b3c1d2fa65cf4e21b9bedf4f4f9b09cb387f1cb176b78d2e3ee517c82
SSDEEP

96:nEY2RrF1eqwi4wSgxKsxqsBcljt3PtYSS9qNin3FDrTVY:EHRh1eppwSgrUs2ljtftPZIc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed8e5539ee05b8dc48f507252d125a97ee84a98f90f63d5299de3849e9cd0059.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed8e5539ee05b8dc48f507252d125a97ee84a98f90f63d5299de3849e9cd0059.dll,#1
  2⤵
  PID:1976

memory/1976-55-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download