cd2ee50970b01bf3c4cbe88628437279ed943d9eb6b72c179a612add7e5f8550

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 21:37

Target

cd2ee50970b01bf3c4cbe88628437279ed943d9eb6b72c179a612add7e5f8550.dll
Size

359KB
MD5

b15107c462f6d4c6a7b157f176cc2cf6
SHA1

149daee0d5cf91912a84a7dc32a66e7c57897071
SHA256

cd2ee50970b01bf3c4cbe88628437279ed943d9eb6b72c179a612add7e5f8550
SHA512

59fe42efaa5d1bbe8445756250dc713ed82ccc226bd3a30db9837a2a12825d4d1f22391b0d150beaf3213c856c03970f4f94f87e1bcc10e13ad59e0bb524b0f2
SSDEEP

6144:pylMQjnSgRwYCAE1ZvtD+k6rGgBiXg5RZLLNtViqpymJZBKCP0ryKF6yQ:pTonSgR9CXvtD+k6rDgQ5nUqpymfkT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd2ee50970b01bf3c4cbe88628437279ed943d9eb6b72c179a612add7e5f8550.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd2ee50970b01bf3c4cbe88628437279ed943d9eb6b72c179a612add7e5f8550.dll,#1
  2⤵
  PID:1224

memory/1224-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download