e1bdc782821ee301e52e1491046b84a752b322450df7668714f700cb073afcd8

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-06-2023 20:24

Target

e1bdc782821ee301e52e1491046b84a752b322450df7668714f700cb073afcd8.dll
Size

112KB
MD5

bdd508bec88d0d798b2a4606f94f290d
SHA1

0c81a1dfabf5e392823ae88e0d647fde87b7ef09
SHA256

e1bdc782821ee301e52e1491046b84a752b322450df7668714f700cb073afcd8
SHA512

08e1b705c330b4506d405895672bc6021f40bc7db12eb04054de77d8e126aea2a70645fd7a03d4fd34b4aa376279ed72cabcca1132978da620ccaf63011053f7
SSDEEP

3072:lzMpE5deodCuXMRFaPj+2RqDazmmRB0hy6+tFo:xM65RdO7N2w2zLyyHo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe
PID 1536 wrote to memory of 1616	1536	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1bdc782821ee301e52e1491046b84a752b322450df7668714f700cb073afcd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1bdc782821ee301e52e1491046b84a752b322450df7668714f700cb073afcd8.dll,#1
  2⤵
  PID:1616

memory/1616-54-0x0000000000370000-0x0000000000395000-memory.dmp

Filesize
148KB

Download
memory/1616-55-0x0000000000370000-0x0000000000395000-memory.dmp

Filesize
148KB

Download
memory/1616-56-0x0000000000370000-0x0000000000395000-memory.dmp

Filesize
148KB

Download