de2be8ebd629be6b1175d3624d1d8e839c228a35bf29e3eacad572d37b94f85c

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
20/12/2022, 15:21

Target

KRNLWRD/krnl.dll
Size

3.6MB
MD5

dd2cead4e9dded0e029457061c4dcfd5
SHA1

4a67e3675db9a43d7af25bba8f9921227b624474
SHA256

bb8125901ca3caf7dd5f726085f21d08b2e3736f4109e0530da118e3dc54cb1b
SHA512

0ce64ac2ed544686b042b7bad3642b0c0a4a7cb50a9f0496ff50001d6f0db55d05c77e3d253545f5fe55159cb9564f5cca8daf65e77cb6135a6edfb87024fa85
SSDEEP

49152:WXmm0MY+MpOl4TMixzMiTBr3F6d7jQ/+K1thZA0Eryyatny1FVCuPzmcDo1zIvCc:WXmMKpOWoi1rVCYhg3zT17mE4lnXz4H

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28
PID 1624 wrote to memory of 1724	1624	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\KRNLWRD\krnl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\KRNLWRD\krnl.dll,#1
  2⤵
  PID:1724

memory/1724-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download