8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-05-2023 02:41

Target

8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
Size

105KB
MD5

fe9c8e7f7ce274b5096a81ad2dfccc15
SHA1

0a5b892c907413300a8f249bfba51624f2552b16
SHA256

8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573
SHA512

7a01ec7d754c5b2a9e5e7bd7fa0340237d2498b8d903d12c6718ff7271a2916c9f740b5c408f387f1b809596bf9e545ec8b051479b7f4f882192812b8f6b3ef9
SSDEEP

1536:S8IyWVObZzMIOP8GVRigfij7ZdFeePAhhnMcKWSb4lWy3VoY:S8IyYObxROP8GVkgfiPZrLPGnMcwubF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe
PID 2044 wrote to memory of 2036	2044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll,#1
2⤵
PID:2036

memory/2036-54-0x00000000002C0000-0x0000000000335000-memory.dmp

Filesize
468KB

Download
memory/2036-55-0x00000000002C0000-0x0000000000335000-memory.dmp

Filesize
468KB

Download