09417d656a982c0b87887d62b41c0d87610a7c5a54a7f16b19d9ac44f9310c88

Analysis

max time kernel
1561s
max time network
1565s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/08/2023, 22:57

Target

wmm2res2.dll
Size

5KB
MD5

5e0774342528a4a8ecee2cf4f8f82c8a
SHA1

c96e24538018c9f54a24ccbcd6accea3a06bd435
SHA256

9a600772946632729ad7f4c3c11f83767175446b071429041fca7c1416a2a1aa
SHA512

e751b8275d654767ae04d92f68df929c16250531583b66e2b6567d77a0edfd2404ae219c5adfafb76380852946bb677d02a70167a8b78f809ae8e64917f2fdcc
SSDEEP

48:alUphwlfk/pGmnmcJQFbHwg3RTNKiedBPQlgInTzW6wced/uSZW38GBHxbr5mPyF:hpms/MmnlJQ9kHSTnwnVWsuHxbrlfS4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28
PID 2528 wrote to memory of 2260	2528	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wmm2res2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wmm2res2.dll,#1
  2⤵
  PID:2260