b7de40e031443c8450ad12bdeba587d626218ef967125cb176d2902f01a4ead9

Analysis

max time kernel
4s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 21:30

Target

b7de40e031443c8450ad12bdeba587d626218ef967125cb176d2902f01a4ead9.dll
Size

33KB
MD5

fda8279a8d1d90c12a5a8ff1571e6431
SHA1

42802ee7f763b470babed4251e916181ca2db22c
SHA256

b7de40e031443c8450ad12bdeba587d626218ef967125cb176d2902f01a4ead9
SHA512

6b9e16dce2f92d0e0484ccab27a42e68e8bd2f99483e525468d8d4c5e7f6930adbccd95f17e7435bd5013e13f4b7699b0986b26d0f9e4848530279d49bf5d85e
SSDEEP

768:B8pjghrK5eEOyzNqi9UHjA7Vsc7vHFT35hcDCsjpRZddFI:B8pjarK5eNH8X7vlTpCusjpRzdW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28
PID 2044 wrote to memory of 1696	2044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7de40e031443c8450ad12bdeba587d626218ef967125cb176d2902f01a4ead9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7de40e031443c8450ad12bdeba587d626218ef967125cb176d2902f01a4ead9.dll,#1
  2⤵
  PID:1696

memory/1696-55-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download