afefbaa88ad4e37d75ccc1f27491c21bbd725b1a7202c6f83e256333d3a23b84

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 06:58

Target

afefbaa88ad4e37d75ccc1f27491c21bbd725b1a7202c6f83e256333d3a23b84.dll
Size

32KB
MD5

6e16b4ba1f2218742a89ff078727d85d
SHA1

63d82241a5a438ba01f77d5dd8e9babfa1877b66
SHA256

afefbaa88ad4e37d75ccc1f27491c21bbd725b1a7202c6f83e256333d3a23b84
SHA512

903d7c4afd86aaf808028519770bcdbbdc04543dc1e3a96604fdbff90fb94af23b53d8827e1f8abf9e2775b5066395e1420d6cb6ed41dac214e0cbaa809dbfa2
SSDEEP

384:B3Djv9NYwKEZwAETtPR9eLi4bpA5E77qDE7h70prlawgJFJfegYCRLnJ:B3fGMXaILzb+E7qEF70NlhCDWglR7J

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afefbaa88ad4e37d75ccc1f27491c21bbd725b1a7202c6f83e256333d3a23b84.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afefbaa88ad4e37d75ccc1f27491c21bbd725b1a7202c6f83e256333d3a23b84.dll,#1
  2⤵
  PID:1724

memory/1724-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download