2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 09:28

Target

2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll
Size

96KB
MD5

8583955ffba92756cbfb1cac9f5519a1
SHA1

deaac389556c38a6f614da0a6c2a0e85d8610b70
SHA256

2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04
SHA512

2eba3308c0bd75900a8e8213591f6a481e4cdee2eecc2811e579cc52ec6fbe1129b6cd6edca6d94763c1bf1cb5a30640b6712abd1751b71f062ff2122e4c050c
SSDEEP

3072:gGr6KBc2/rzux6JFFRtZyj+xKt1tEjNIk6lABD:gSnc2/r/JFPtZZCMD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28
PID 1932 wrote to memory of 1460	1932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll,#1
  2⤵
  PID:1460

memory/1460-55-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1460-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download