2ab4b82bf8e8d966dbec3a569af6e6b7aad73e2e829e43834a23f2f84a487423

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 20:49

Target

2ab4b82bf8e8d966dbec3a569af6e6b7aad73e2e829e43834a23f2f84a487423.dll
Size

77KB
MD5

4cb2b0f0602ebba432428f7ac9c46920
SHA1

27528f2be631a40920799b775fa9cff058e3a6cc
SHA256

2ab4b82bf8e8d966dbec3a569af6e6b7aad73e2e829e43834a23f2f84a487423
SHA512

46ac78fe94a8929d64a1dddddbf333be48a799a6438fe8b16c23b014d5d8caff8f317e4d826856319c5eeb9957b1690b4da997c884ef35587a08fc2cdf390da6
SSDEEP

1536:c+WmsuL8yN4xoi0AcR73fc8vsWjcduHilqi:vWUAJaQuHigi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ab4b82bf8e8d966dbec3a569af6e6b7aad73e2e829e43834a23f2f84a487423.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ab4b82bf8e8d966dbec3a569af6e6b7aad73e2e829e43834a23f2f84a487423.dll,#1
  2⤵
  PID:1388

memory/1388-54-0x0000000000000000-mapping.dmp

Download
memory/1388-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download