ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:32

Target

ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00.dll
Size

35KB
MD5

e7c2f1455d411c47889083e9ba4cfb70
SHA1

37ae73712e294535e231d7538798e8abdfabd5a0
SHA256

ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00
SHA512

ba9d034593c3eb97f5b5d6d875e60514811bb5827b57d865d4244531e2b21923deb5f5bf4066aadb0acc67c1368cfb7f46bcd830db4bd29a778c9de83ff7ccfe
SSDEEP

768:DsihV/57AWMbOJb6EAK17h0h4mNiOqhskdRa+Lsg:DsiL/57AEJuY7h0h4XhskdRa+Lr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26
PID 1344 wrote to memory of 1560	1344	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00.dll,#1
  2⤵
  PID:1560

memory/1560-54-0x0000000000000000-mapping.dmp

Download
memory/1560-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download