bab2831ebf52b0641176b4d62a4896971bf3a01343791e2bfb3d21cb85f7fc0a

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 12:27

Target

bab2831ebf52b0641176b4d62a4896971bf3a01343791e2bfb3d21cb85f7fc0a.dll
Size

84KB
MD5

6c1f14cba99ad0b57f4af7ce670bfce0
SHA1

56b82c666deb9ee9a634d8819a6fdbdb2dbeb8ea
SHA256

bab2831ebf52b0641176b4d62a4896971bf3a01343791e2bfb3d21cb85f7fc0a
SHA512

a765a635a09d37e2562bf1e0f518aa21e6d8ec46c60312d302ca8e68a42783a908ef45af7b5ed5a7dfce2bef88cbeaa3f6a44f7ba2bb6081c15916ade9f024dd
SSDEEP

1536:JzbZKhA7nInt7XRLw1GoIVcrSwtCTT0FvOKZTe0eP:JH8hA7InNXBw1vIfwHvOqTeTP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27
PID 1300 wrote to memory of 824	1300	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bab2831ebf52b0641176b4d62a4896971bf3a01343791e2bfb3d21cb85f7fc0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bab2831ebf52b0641176b4d62a4896971bf3a01343791e2bfb3d21cb85f7fc0a.dll,#1
  2⤵
  PID:824

memory/824-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/824-56-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/824-57-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download