821c3b73828030b0b0d30afc8674a282eca1159a7cdc4f6516a7b8e8f12f1ccd

Analysis

max time kernel
38s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:54

Target

821c3b73828030b0b0d30afc8674a282eca1159a7cdc4f6516a7b8e8f12f1ccd.dll
Size

6KB
MD5

e391a38c6921b637fc873ad8be0aa290
SHA1

bc0fa14e86148be8e8cdf7f5278f2780d0c23c88
SHA256

821c3b73828030b0b0d30afc8674a282eca1159a7cdc4f6516a7b8e8f12f1ccd
SHA512

e097cbb6725f5b928e0c3df0c9d89d86cd103abd7d67fb9ca19fb44ff2119ef1983505679bd1b036ca5a0d7fa16e1c895a4debafdf4330c70d11ce85b8959db8
SSDEEP

96:nEY2RrF1eqwi48g62BcVaeNIi5gnOFmoCMeOTUDJ:EHRh1eppc4c8YynAmye1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28
PID 1916 wrote to memory of 1376	1916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\821c3b73828030b0b0d30afc8674a282eca1159a7cdc4f6516a7b8e8f12f1ccd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\821c3b73828030b0b0d30afc8674a282eca1159a7cdc4f6516a7b8e8f12f1ccd.dll,#1
  2⤵
  PID:1376

memory/1376-55-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download