edb0dedd3b03e99f492c6ac886380404af5095790d0cae90c1fbab88384c602f

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 00:41

Target

edb0dedd3b03e99f492c6ac886380404af5095790d0cae90c1fbab88384c602f.dll
Size

6KB
MD5

c5942e36604bb86fad54cc4a5ecef6b0
SHA1

5a97639ea4bf634b239f7320029dbdb6e0bc9f28
SHA256

edb0dedd3b03e99f492c6ac886380404af5095790d0cae90c1fbab88384c602f
SHA512

be21ad043139bc560452d248025567dc433467d11b95fd29121d3bb87ed628e383bd144799397e340f58306b7b7d69976f1c70c35a4b56e5df878feff348c666
SSDEEP

96:nEY2RrF1eqwi4Efiiwfkz5A5sWopRdbjzYOF:EHRh1epp8L65GdbX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 880	1460	rundll32.exe	28
PID 1460 wrote to memory of 880	1460	rundll32.exe	28
PID 1460 wrote to memory of 880	1460	rundll32.exe	28
PID 1460 wrote to memory of 880	1460	rundll32.exe	28
PID 1460 wrote to memory of 880	1460	rundll32.exe	28
PID 1460 wrote to memory of 880	1460	rundll32.exe	28
PID 1460 wrote to memory of 880	1460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\edb0dedd3b03e99f492c6ac886380404af5095790d0cae90c1fbab88384c602f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\edb0dedd3b03e99f492c6ac886380404af5095790d0cae90c1fbab88384c602f.dll,#1
  2⤵
  PID:880

memory/880-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download