820c15cfa82b3cb10675260817e68ef06b113052e5a60a29d9428e53e2f491e4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 19:47

Target

022f87a7ffa920f5918633c27effef3f.dll
Size

44KB
MD5

022f87a7ffa920f5918633c27effef3f
SHA1

a3ba5472179738616e19fa0439b295efffa1db1f
SHA256

820c15cfa82b3cb10675260817e68ef06b113052e5a60a29d9428e53e2f491e4
SHA512

e388d77d7531d11b7dd00d9fae60fd183aec2f6ad30d9cb849e2807cbfefee2711d889041961d0d27c205867e96f9afbd4ee6b265295010a15800dd078ee4ced
SSDEEP

768:+ZmpM8NVLGh5sAov3F1TCjMAWLbAXB+YtaZmCZJT0ppqjmg/ATkVBF1uPeSkgR:+ZaLRhzCj/WnAsjmiJTgq6mbeeP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28
PID 3032 wrote to memory of 2380	3032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\022f87a7ffa920f5918633c27effef3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\022f87a7ffa920f5918633c27effef3f.dll,#1
  2⤵
  PID:2380

memory/2380-0-0x0000000000170000-0x0000000000180000-memory.dmp

Filesize
64KB

Download