2fa66bc31fd581d00799c88c50fb79e2eb1d25ad1487b7783a32d6024e539076

Analysis

max time kernel
22s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 04:37

Target

2fa66bc31fd581d00799c88c50fb79e2eb1d25ad1487b7783a32d6024e539076.dll
Size

33KB
MD5

9eaec9069340adec271f4b96246d11d0
SHA1

0ffbd3b55b2f6361c85d11f8531f4a39413d9f0a
SHA256

2fa66bc31fd581d00799c88c50fb79e2eb1d25ad1487b7783a32d6024e539076
SHA512

1bb2be601c2a5ff06ba634ac8bebbace6edfd410fa595994c4e5bc42b3a03fdd6725c9cee16ec76cc33ca19e2618fc677f740286feab6f9aeab07a50780049a7
SSDEEP

768:q5rQdVtf/IHuYbUoiPs0XnPF7AHAgqNVOsTRKVs850Y0:srQHtYOYV0Xd74AgU1RKVV50Y0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27
PID 548 wrote to memory of 1756	548	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fa66bc31fd581d00799c88c50fb79e2eb1d25ad1487b7783a32d6024e539076.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fa66bc31fd581d00799c88c50fb79e2eb1d25ad1487b7783a32d6024e539076.dll,#1
  2⤵
  PID:1756

memory/1756-54-0x0000000000000000-mapping.dmp

Download
memory/1756-55-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download