d9498d19eab1b5a4c5c401826881b990666b59322669688b24119d989a959935

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 12:42

Target

Windows.Devices.Enumeration.ps.dll
Size

29KB
MD5

d69ea6b69d93f4e4ff381e20d2f9581f
SHA1

d7134d7e6023eb5d61e470714048ca9b80bc805a
SHA256

d9498d19eab1b5a4c5c401826881b990666b59322669688b24119d989a959935
SHA512

0e7be2eaf36926daf2f9d5e5e2745a7a7d24d1e489e25fd57076e732f0ccc8927348bfe7823fef3b02c43bd3010c87944b4bce4f63123002bd618cfdff8b2d23
SSDEEP

192:sCgMOfvNByqqFkJxO8iIMQU+JC8lEjjVkv0ja1a9PaWCUoJW4yz65IWp/buX:Bkf7UoCOGjcuH9PaWC7JW4yWq2buX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28
PID 1932 wrote to memory of 2092	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windows.Devices.Enumeration.ps.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windows.Devices.Enumeration.ps.dll,#1
  2⤵
  PID:2092