22a8cfc2108def2f0b9efa3e63c223f216cbbfc50eb7fb8db8b2e055afd07375

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 23:54

Target

7e562f53e4030699ca20ad39bf3e97f8.dll
Size

118KB
MD5

7e562f53e4030699ca20ad39bf3e97f8
SHA1

3ae36d17db53d6c79fac692a7b0f02d85796445d
SHA256

22a8cfc2108def2f0b9efa3e63c223f216cbbfc50eb7fb8db8b2e055afd07375
SHA512

fe748ba835cc45e3b7d92bc44f5774bb9a419ebcf4e3674e9adaf7bb822fde8a16c00b6fec26d3c01da1d189723d02bc8aec4f0117577b9605c34fb0173ffeeb
SSDEEP

3072:cdngK7aidAEMG3hjHZdri+z6gBSOHZIJ5idPidfmiRDmdZ:ch77liNAviS5ZUsi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28
PID 2060 wrote to memory of 2144	2060	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e562f53e4030699ca20ad39bf3e97f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e562f53e4030699ca20ad39bf3e97f8.dll,#1
  2⤵
  PID:2144

memory/2144-0-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download
memory/2144-1-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download