af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891

Analysis

max time kernel
32s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 03:50

Target

af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891.dll
Size

128KB
MD5

68eae984aa81ba27fdc7e993b5e7fb9b
SHA1

0bfc2ccb8768f4229fdc68a7a834ade723cfb2f7
SHA256

af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891
SHA512

0a21a201f75ee284248e7cc43b481bc7db871166042c73ed12fd4dc0af961ce37bf7bc09d43c9d714a10c50fe7d4d35700241ee34e6507a4ca839bd958bfc233
SSDEEP

3072:3OdxSBDzm0zQU+aGsdAtGoScDfj5X3nQLCF:3kximMp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891.dll,#1
  2⤵
  PID:1980

memory/1980-55-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download
memory/1980-56-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/1980-57-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download
memory/1980-58-0x0000000000180000-0x000000000018D000-memory.dmp

Filesize
52KB

Download
memory/1980-59-0x0000000000180000-0x000000000018D000-memory.dmp

Filesize
52KB

Download