bfabc2053b5f63ea7a10ad3b74b19b89cdb1fe7fd841e5e57bd49d991fb5faf2

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/10/2022, 04:56

Target

bfabc2053b5f63ea7a10ad3b74b19b89cdb1fe7fd841e5e57bd49d991fb5faf2.dll
Size

4.0MB
MD5

e9555f246b14ebcaf916d89ef9f901f3
SHA1

6b9a0f331fc7dba5083fe9fa312c2e5d53b35cce
SHA256

bfabc2053b5f63ea7a10ad3b74b19b89cdb1fe7fd841e5e57bd49d991fb5faf2
SHA512

f7051f7813b4fc701075d8a73816c7f9f762c80a7682eac84a3a719d249fe175c4a2dfcd1024207d571554bea609c6ebace024daae1b68a593c70da3db46f6de
SSDEEP

12288:GXuvLk+KpT19+XyaqvzuYa/cQcORipxocD03aVVswbMks6d237KEnWsiIAunMxKW:mueFOwbMks6d2VnUIAunMxKd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26
PID 2044 wrote to memory of 1460	2044	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfabc2053b5f63ea7a10ad3b74b19b89cdb1fe7fd841e5e57bd49d991fb5faf2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfabc2053b5f63ea7a10ad3b74b19b89cdb1fe7fd841e5e57bd49d991fb5faf2.dll,#1
  2⤵
  PID:1460

memory/1460-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download