2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1

Analysis

max time kernel
53s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 11:36

Target

2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1.dll
Size

6KB
MD5

4f47d5b25aa97001305d44f646a08310
SHA1

21e63f622b829dcf2c091ab48c737bcc2339dde0
SHA256

2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1
SHA512

f3651e15752a44a621c507bd9c59d3aaf258fd4280c26b2dd652e2ecbf497e620e4c91d1227f0912c392d8ea14399b0dacc09049ed29dfbb585d875c0388b8c0
SSDEEP

96:hy859x0P8MaXr62qV0dr6JE+KcN+RE/29C:F5oL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28
PID 1212 wrote to memory of 1988	1212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1.dll,#1
  2⤵
  PID:1988

memory/1988-55-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download