af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 06:59

Target

af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303.dll
Size

136KB
MD5

6ae346ab1205b9a73d8292ccd681e0f0
SHA1

b9b4a131d002c5b26ee418e0cac933c55c4886df
SHA256

af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303
SHA512

9b7589486d71be5ee5b71f5d9c58c9039800314c7d6b44874f584539539a0a47fed766695447ff5819ce05694f16ca7f3b16afbc942e8709f98cc8f942b83e4d
SSDEEP

3072:5qR+5SiBLeygpAVtivMq7QHNIrKyW6qxESe:5JSiBLDgpYtUMAQHNIrjd

Score

1^/10

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 1572 wrote to memory of 304	1572	rundll32.exe	27
PID 304 wrote to memory of 2008	304	rundll32.exe	28
PID 304 wrote to memory of 2008	304	rundll32.exe	28
PID 304 wrote to memory of 2008	304	rundll32.exe	28
PID 304 wrote to memory of 2008	304	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:304
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:2008

memory/304-55-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/304-56-0x0000000000170000-0x00000000001A7000-memory.dmp

Filesize
220KB

Download
memory/304-57-0x0000000000170000-0x00000000001A7000-memory.dmp

Filesize
220KB

Download