23bf638f97934a60096a5d089d688784b52e455c5584c337fc2118823963e9ed

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 19:28

Target

SymRedir.dll
Size

157KB
MD5

a4aac583dd6cadaaa721eaaa0b60f0ac
SHA1

e7460c45dfac2cf7d47cf2025b77030f7b9b41f2
SHA256

23bf638f97934a60096a5d089d688784b52e455c5584c337fc2118823963e9ed
SHA512

e1727d2ab3abc3f438eb3afb299c3bf705cb13b5f125043df0ed61be715d92e595f90619f51d89693fe5a2837af33d2f7622f93e81d19901a94c04699dfe8262
SSDEEP

3072:nr5Ogr6r3K1qYO4rHqf825pypbSj+WZsryYU603hzNmmBX5a2sg9VUbiGcDJHbjZ:+r3K1qUHD6pay0+Bgvg9VUbiGcDJHbjZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27
PID 1044 wrote to memory of 1032	1044	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SymRedir.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SymRedir.dll,#1
  2⤵
  PID:1032

memory/1032-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download