2eeabe9a94b04ae46a2c13d1d56762abee4da2458027b6c697582c509a89cb3b

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-05-2023 05:57

Target

2eeabe9a94b04ae46a2c13d1d56762abee4da2458027b6c697582c509a89cb3b.dll
Size

3.3MB
MD5

5a28dd22a555892208951d916421c44d
SHA1

c32370763470c461cec132cc322c18ef84fbc136
SHA256

2eeabe9a94b04ae46a2c13d1d56762abee4da2458027b6c697582c509a89cb3b
SHA512

c2a7a9864a3f83e1956ceb5ba5b9bc6f54cbf721a2539fa03fb7ca954547fcc43b97e949c8f2d4fc3c456a996d47384436b2e028f450ed765f78554fa44df403
SSDEEP

49152:oVq4hm8GVjSr/6rd8X9fVL2M1pl9iLg8GpGA0264JEeYElXJJPKnt2cWx7R8J2AW:Z+m8Z25QLtl9fbgAIfqfKwlxmgBKY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 884	1180	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eeabe9a94b04ae46a2c13d1d56762abee4da2458027b6c697582c509a89cb3b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eeabe9a94b04ae46a2c13d1d56762abee4da2458027b6c697582c509a89cb3b.dll,#1
  2⤵
  PID:884

memory/884-54-0x0000000001FA0000-0x0000000002EEA000-memory.dmp

Filesize
15.3MB

Download
memory/884-55-0x0000000001FA0000-0x0000000002EEA000-memory.dmp

Filesize
15.3MB

Download
memory/884-56-0x0000000001FA0000-0x0000000002EEA000-memory.dmp

Filesize
15.3MB

Download