922e23bd14223abc2b3df69d6ebc2156b153bc4dc37c4390f70d4c8f12946e8b

Analysis

max time kernel
30s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:42

Target

922e23bd14223abc2b3df69d6ebc2156b153bc4dc37c4390f70d4c8f12946e8b.dll
Size

5KB
MD5

54055ed190122de2399905b260ba6670
SHA1

783912bb2014209ff61809b49b0ba1860c3743a1
SHA256

922e23bd14223abc2b3df69d6ebc2156b153bc4dc37c4390f70d4c8f12946e8b
SHA512

377cd205de495e2341412d9e1966f08a2e5ee5f2523c5197b88c86b43c73931e33989cf8ea68b8529402399fbaf2da32a7868cf36c59b45bed71c19d1b027bc3
SSDEEP

96:WLRxkjujtjd8jPjcZG2Uoa2446gxKbuSi:WtqKR6bgYIbl6gwbuSi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28
PID 1260 wrote to memory of 1792	1260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\922e23bd14223abc2b3df69d6ebc2156b153bc4dc37c4390f70d4c8f12946e8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\922e23bd14223abc2b3df69d6ebc2156b153bc4dc37c4390f70d4c8f12946e8b.dll,#1
  2⤵
  PID:1792

memory/1792-55-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download