aa53d083cde1784e337539e2bfb508923176d830353d758419692b8bd322a418

Analysis

max time kernel
38s
max time network
90s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 00:06

Target

aa53d083cde1784e337539e2bfb508923176d830353d758419692b8bd322a418.dll
Size

99KB
MD5

4463605a97b206edfb91739caac26791
SHA1

58560689cc4546a5ac967089637be2538c9e01e4
SHA256

aa53d083cde1784e337539e2bfb508923176d830353d758419692b8bd322a418
SHA512

27839dae861538bd204fecd659462e707a3d8c337f73ac9add2e4cdc75c47e14f26615bb3caed6ee33c399fafc2f0c08a89ffb20ad7800c2fd67c6cfe65a70f5
SSDEEP

3072:USukS7GTsqMz0RsLhCxED2jZ/d69l/jmmybg0:USutmRzEDGhd4l/6mybz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa53d083cde1784e337539e2bfb508923176d830353d758419692b8bd322a418.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa53d083cde1784e337539e2bfb508923176d830353d758419692b8bd322a418.dll,#1
  2⤵
  PID:1120

memory/1120-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/1120-56-0x000000003A500000-0x000000003A51F000-memory.dmp

Filesize
124KB

Download