bba6e7714aa2472103b746ab7181cfda6cfe77c724d504bf3e9384619682798e

Analysis

max time kernel
2s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 06:24

Target

bba6e7714aa2472103b746ab7181cfda6cfe77c724d504bf3e9384619682798e.dll
Size

88KB
MD5

80cb851e5392efed1fd3b8eb2f8e49cb
SHA1

d5bbdb17e417d15783068467337cb1d18274738a
SHA256

bba6e7714aa2472103b746ab7181cfda6cfe77c724d504bf3e9384619682798e
SHA512

883f77e4a481cc86c2c42ae0ac51795aa3bc23af80e9d00fcf7e85f41552b2466ad8a2cd8aa7537afa3300cfbb84e4e59c9bd0a75fa07e75f33a4f4eb8635c0d
SSDEEP

1536:qWNTI2j7IGPmy5guIRpLYYEEz3dy0h6ck1gbjEo5vlaYPicZ:qWNTHTey5HCROEz3AshjEoXaYPZZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 1436	844	rundll32.exe	28
PID 844 wrote to memory of 1436	844	rundll32.exe	28
PID 844 wrote to memory of 1436	844	rundll32.exe	28
PID 844 wrote to memory of 1436	844	rundll32.exe	28
PID 844 wrote to memory of 1436	844	rundll32.exe	28
PID 844 wrote to memory of 1436	844	rundll32.exe	28
PID 844 wrote to memory of 1436	844	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bba6e7714aa2472103b746ab7181cfda6cfe77c724d504bf3e9384619682798e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bba6e7714aa2472103b746ab7181cfda6cfe77c724d504bf3e9384619682798e.dll,#1
  2⤵
  PID:1436

memory/1436-54-0x0000000000000000-mapping.dmp

Download
memory/1436-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download