b27eaa9d2e24a17c4b6d80719dcb88a387f3988981c701e7ed9d7c81070b31ba

Analysis

max time kernel
79s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:36

Target

b27eaa9d2e24a17c4b6d80719dcb88a387f3988981c701e7ed9d7c81070b31ba.dll
Size

5KB
MD5

be0755271ac331441af3d6d546a2eec0
SHA1

82b2e4d2c25e5bac2cefca922d185d53f05a8c77
SHA256

b27eaa9d2e24a17c4b6d80719dcb88a387f3988981c701e7ed9d7c81070b31ba
SHA512

b78b2817cd5fe3dfb4a8c0de109cc539b3a466dfbb7a4bd8e53ee2a644570adf2fac1731a2e33e586af71dd09c2ababcc6ab33e785868a8d34fb828ee573485b
SSDEEP

48:a5zjMTGcITBVQVE1lc4euDlZF5WZQP5uMZ7vF65llhM6tvh0sCO0YdZhOzzq5P1G:iT3Qu8oDvF54+DY5ljXx0YThOzu5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 876	1168	rundll32.exe	28
PID 1168 wrote to memory of 876	1168	rundll32.exe	28
PID 1168 wrote to memory of 876	1168	rundll32.exe	28
PID 1168 wrote to memory of 876	1168	rundll32.exe	28
PID 1168 wrote to memory of 876	1168	rundll32.exe	28
PID 1168 wrote to memory of 876	1168	rundll32.exe	28
PID 1168 wrote to memory of 876	1168	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b27eaa9d2e24a17c4b6d80719dcb88a387f3988981c701e7ed9d7c81070b31ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b27eaa9d2e24a17c4b6d80719dcb88a387f3988981c701e7ed9d7c81070b31ba.dll,#1
  2⤵
  PID:876

memory/876-55-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download