fee8c8ffb6152320b5002c7e5888477ffd58ce4601c2ac70ca07667b81ca2ea5

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 00:40

Target

fee8c8ffb6152320b5002c7e5888477ffd58ce4601c2ac70ca07667b81ca2ea5.dll
Size

6KB
MD5

91b108757a71f5163704cf4a9e542eb0
SHA1

bc684fdfb495de8e7b084fb744b0f66ca0832ca9
SHA256

fee8c8ffb6152320b5002c7e5888477ffd58ce4601c2ac70ca07667b81ca2ea5
SHA512

2e410bba56c79aba2432a81ec09fd2e38beae4752547bb5a944b8acd1d46b5f07c2a78624f408f8b59a31e77e4131f1eca75171f09f00ccd750e087e79495a29
SSDEEP

96:nEY2RrF1eqwi41cdMfxnVUGWZc6gou+Kqu7V8WPdtgozAMV1ign:EHRh1eppSytVW+6tJKh7VB/tzAh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fee8c8ffb6152320b5002c7e5888477ffd58ce4601c2ac70ca07667b81ca2ea5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fee8c8ffb6152320b5002c7e5888477ffd58ce4601c2ac70ca07667b81ca2ea5.dll,#1
  2⤵
  PID:1396

memory/1396-55-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download