a7ed7bc5c9727f308ea11bd79cffe5dd9adeb99e8042fea25a9a1f2c4a80f6c9

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:24

Target

a7ed7bc5c9727f308ea11bd79cffe5dd9adeb99e8042fea25a9a1f2c4a80f6c9.dll
Size

119KB
MD5

632ba928fd57a7869ee635192e38daba
SHA1

0df0b2ff50287098b6a78fa1149c9bac0f0b6ed8
SHA256

a7ed7bc5c9727f308ea11bd79cffe5dd9adeb99e8042fea25a9a1f2c4a80f6c9
SHA512

b3e15ff52ce1364411de5c93d89234169e77de14830103a38dce20eb82498e13740fd562e779393bb76657aa027061939c87b9187b4cb026096543f03aaeff31
SSDEEP

3072:S8OWE/Fw125Uv4J8KnlB8rvuW/SdVC+oPhNF:DOWePeO8uBaGjdV4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27
PID 1176 wrote to memory of 1020	1176	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7ed7bc5c9727f308ea11bd79cffe5dd9adeb99e8042fea25a9a1f2c4a80f6c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7ed7bc5c9727f308ea11bd79cffe5dd9adeb99e8042fea25a9a1f2c4a80f6c9.dll,#1
  2⤵
  PID:1020

memory/1020-55-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download