baf7b7989456a87de40057766f99c289bff336de43c4ccb2253b9027411cdfef

Analysis

max time kernel
35s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 13:42

Target

baf7b7989456a87de40057766f99c289bff336de43c4ccb2253b9027411cdfef.dll
Size

88KB
MD5

62589963ea6b9f1d0f744f47d6ff53b4
SHA1

b34107d43820797734dacd89488b1c2169d4164c
SHA256

baf7b7989456a87de40057766f99c289bff336de43c4ccb2253b9027411cdfef
SHA512

1c4e34ece72f2485c40e2eb229946f9e99ecbace555f06be267a07dbafd5a74df60b28cd118c51f18682a8d25d51a4f846d1ae45b5c55a0b5dc0049807721676
SSDEEP

1536:MQ7aHzvo8tQjMGiT0HOTdz7PazPx8yE7E4EBoOMa6S5:TGc8teMGiYaSO11EBoOJr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27
PID 1644 wrote to memory of 1736	1644	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\baf7b7989456a87de40057766f99c289bff336de43c4ccb2253b9027411cdfef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\baf7b7989456a87de40057766f99c289bff336de43c4ccb2253b9027411cdfef.dll,#1
  2⤵
  PID:1736

memory/1736-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download