b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b

Analysis

max time kernel
38s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:49

Target

b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b.dll
Size

5KB
MD5

80a6e4c51331a098f5680665d3e1c9d0
SHA1

8b4d15e2695d8828d068733efe81bc877910b85c
SHA256

b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b
SHA512

4bdd6edbb3bfdf3ad40b3f6cc91c7a26a6562bbdca142d21eab75094dbea8eea24f167c446260ff9897ec6acf5d3cf638df16d08ee242eb86cd30e35955e3769
SSDEEP

96:nEY2RrF1eqwi441DJTlNm7RKAk6iOdAtSWU7zNP7P2:EHRh1eppCPN2rklsANChP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26
PID 1112 wrote to memory of 1384	1112	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b.dll,#1
  2⤵
  PID:1384

memory/1384-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download