e831ed97138028e3a74e070e145ce0d4c84c2c5b943bdfdf7ae9a255798c85c9

Analysis

max time kernel
30s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:20

Target

e831ed97138028e3a74e070e145ce0d4c84c2c5b943bdfdf7ae9a255798c85c9.dll
Size

85KB
MD5

255d89db85146c1413a29c8eb88669d0
SHA1

cae15fd22d288db95dfbde882ef8fcee34fc303a
SHA256

e831ed97138028e3a74e070e145ce0d4c84c2c5b943bdfdf7ae9a255798c85c9
SHA512

25dd58255fc6c9be5b034490397644809ceebde48c130f2781db35d0b3d24f7d0be282909afc772836c035360782930dffae0fef63a3d0f1cb5085553659c268
SSDEEP

1536:8Ysd25oG2r4HMYMqpgSznju7s3gxrqEllM2gB9+OHiBVYZ6t:8Ys85oJwjuAgxWESH+SiBiZ6t

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2020	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28
PID 872 wrote to memory of 2020	872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e831ed97138028e3a74e070e145ce0d4c84c2c5b943bdfdf7ae9a255798c85c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e831ed97138028e3a74e070e145ce0d4c84c2c5b943bdfdf7ae9a255798c85c9.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020

memory/2020-55-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download
memory/2020-56-0x00000000001E0000-0x000000000021A000-memory.dmp

Filesize
232KB

Download
memory/2020-57-0x00000000001E1000-0x0000000000213000-memory.dmp

Filesize
200KB

Download
memory/2020-61-0x0000000000120000-0x0000000000123000-memory.dmp

Filesize
12KB

Download
memory/2020-62-0x0000000000120000-0x0000000000123000-memory.dmp

Filesize
12KB

Download