e4001b6a46350e77ead770a3f71b8c1837295b0c7ea3b569cbca03dd6571e4ab

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:52

Target

e4001b6a46350e77ead770a3f71b8c1837295b0c7ea3b569cbca03dd6571e4ab.dll
Size

6KB
MD5

d77f2daf5523fab9be51905fe0b53be0
SHA1

350c67e303eb9b8ba2d32893fbfe4324ea525676
SHA256

e4001b6a46350e77ead770a3f71b8c1837295b0c7ea3b569cbca03dd6571e4ab
SHA512

8ee5aa110d200d37bff4f868f79dab683f9277db713189df29b8bd6a1e89099fe07c251d0b26a01654b49493d9921c9d7ef971e7ce74769b68aab404f705cd8f
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD7S:juLJ/oAdQPQa2aeng7S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4001b6a46350e77ead770a3f71b8c1837295b0c7ea3b569cbca03dd6571e4ab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4001b6a46350e77ead770a3f71b8c1837295b0c7ea3b569cbca03dd6571e4ab.dll,#1
  2⤵
  PID:1236

memory/1236-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download