ecb7972c8f74554a86fb9e702da5759fb24adbf553d31c5a55a4500a4188c7e5

Analysis

max time kernel
57s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 00:55

Target

ecb7972c8f74554a86fb9e702da5759fb24adbf553d31c5a55a4500a4188c7e5.dll
Size

6KB
MD5

1b8319f159696be38de4f230c78d4810
SHA1

a4533cca8c126fee996c3495a7c95ed23f9ed8dd
SHA256

ecb7972c8f74554a86fb9e702da5759fb24adbf553d31c5a55a4500a4188c7e5
SHA512

f1414915c86ebaefe7a4f89b1d2c99ba32bfb5245b23a1df2926de0ee9b1cb592da7c522b5292cc090a6aa99007c715b7153211a5d79bcdd60138c6fd27d112a
SSDEEP

48:C6Vo9HBok7lYa92RranDBetlG9Mgi3bp2pvHKzpTbQVJrpbJGI/zp:nI2RrUeqg3aKxQVJpJGI/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb7972c8f74554a86fb9e702da5759fb24adbf553d31c5a55a4500a4188c7e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb7972c8f74554a86fb9e702da5759fb24adbf553d31c5a55a4500a4188c7e5.dll,#1
  2⤵
  PID:1972

memory/1972-55-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download