1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b

Analysis

max time kernel
1s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:18

Target

1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll
Size

4KB
MD5

ae5eec84237a696d990259892bdda560
SHA1

aa1e6408c3e472b86193827868a8c7127144032f
SHA256

1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b
SHA512

6a5254a6f5bbb3b01de92643e085432c67f512a817d92ce8d0868f6d57216002833c9c35bf9985b3e980106c1e65f14d60883b57ea425e0ad8fadfc463803b05
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKq2wl+wosa8Gq2uJ23amhmsXx:PT3r2vu9l2wFHWq2/Rh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 948	1216	rundll32.exe	27
PID 1216 wrote to memory of 948	1216	rundll32.exe	27
PID 1216 wrote to memory of 948	1216	rundll32.exe	27
PID 1216 wrote to memory of 948	1216	rundll32.exe	27
PID 1216 wrote to memory of 948	1216	rundll32.exe	27
PID 1216 wrote to memory of 948	1216	rundll32.exe	27
PID 1216 wrote to memory of 948	1216	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll,#1
  2⤵
  PID:948

memory/948-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download