4aef854507fa6e67b42321a3f35e52ab49878acbcceed8486b9109e6d3be07a6

Resubmissions

28/03/2023, 14:11

max time kernel
30s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28/03/2023, 14:11

Target

printsupport/windowsprintersupport.dll
Size

45KB
MD5

88b0addcf3f634e3748827307ebd0b6a
SHA1

6c1db93c70a7d2656bcff9ddfd17c16d07484ff1
SHA256

f03c5a80cfe9737e49d4bd297763149785fb556fed45a91ced2c5fa6cc3e0354
SHA512

57c3bf61329ec5a2996eaf8b7aa5e98fd15aa0f0cd513fe5058d773bad6a07a4454085a0388b817e1cd66e8273548c47171e4c2e32280fd3701c042f671437d0
SSDEEP

768:y+Dht0JWUo7X3NRlBPTe+QwZLXGYlJ8FXoAbW3wh7N:dDIJHoL3NnBbe+QwZbG2aFnWghx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27
PID 1956 wrote to memory of 1920	1956	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\printsupport\windowsprintersupport.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\printsupport\windowsprintersupport.dll,#1
  2⤵
  PID:1920