cab93dde4e4fb98f52e5b95682c3ed21712fb22ff440b70e76fc2e8561fec068

Analysis

max time kernel
151s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 19:43

Target

cab93dde4e4fb98f52e5b95682c3ed21712fb22ff440b70e76fc2e8561fec068.dll
Size

94KB
MD5

aa15d0c4cadbec45fdbdcb60b6ab50f6
SHA1

1c0050d41362f87dad8f0de55dd9117ca91cae01
SHA256

cab93dde4e4fb98f52e5b95682c3ed21712fb22ff440b70e76fc2e8561fec068
SHA512

6af8456072a9a24db0e22d4c62d1e429e29dba05d0f468467d5de051c53fc6bc5ad0bddf3d3d5a398882835e4ffc3115a6da40e42bd80e40a54c7542527625ed
SSDEEP

1536:0cA1HEUZCj/7ica5ZHpTsmhc+3NM2jTE65f2z6OdoIy:s1HEfpcZHpYd+3NM2jTRf2zVdjy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27
PID 1476 wrote to memory of 1956	1476	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cab93dde4e4fb98f52e5b95682c3ed21712fb22ff440b70e76fc2e8561fec068.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cab93dde4e4fb98f52e5b95682c3ed21712fb22ff440b70e76fc2e8561fec068.dll,#1
  2⤵
  PID:1956

memory/1956-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1956-56-0x0000000000131000-0x0000000000145000-memory.dmp

Filesize
80KB

Download