2afd8d5a9d39f59c6827acae7b915f3306bf2cf243ed19733e03af014e158542

Analysis

Target

2afd8d5a9d39f59c6827acae7b915f3306bf2cf243ed19733e03af014e158542.dll
Size

164KB
MD5

b1bfced23e482fe588af810faf9dbe9e
SHA1

e767d3573c0b463db710d5144f42c92faee8fbba
SHA256

2afd8d5a9d39f59c6827acae7b915f3306bf2cf243ed19733e03af014e158542
SHA512

40a73b63de0ed234bf92fd0b5824145493feabd7c2ea9b65bbca76578be540afe4e6b092e7b1804f442ba2b5d342ac85cc93f65b5b9b9f8f1380f5a87c171d99

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 1920	1992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2afd8d5a9d39f59c6827acae7b915f3306bf2cf243ed19733e03af014e158542.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2afd8d5a9d39f59c6827acae7b915f3306bf2cf243ed19733e03af014e158542.dll,#1
2⤵
PID:1920

memory/1920-54-0x0000000000000000-mapping.dmp

Download
memory/1920-55-0x0000000075DB1000-0x0000000075DB3000-memory.dmp

Filesize
8KB

Download
memory/1920-57-0x0000000000DC0000-0x0000000000E5F000-memory.dmp

Filesize
636KB

Download
memory/1920-59-0x0000000000460000-0x000000000047F000-memory.dmp

Filesize
124KB

Download
memory/1920-60-0x00000000033A0000-0x00000000034A9000-memory.dmp

Filesize
1.0MB

Download
memory/1920-61-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/1920-62-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download