9aaa72c4af2ad9a36a613f7e1a09f60096b8ad3015a081561ca0dea73901d7da

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 01:33

Target

9aaa72c4af2ad9a36a613f7e1a09f60096b8ad3015a081561ca0dea73901d7da.dll
Size

256KB
MD5

41fc968609be03deda35bc065c7a620b
SHA1

cb7390338c5fe3a28b8e29cbe7452ee86c639f45
SHA256

9aaa72c4af2ad9a36a613f7e1a09f60096b8ad3015a081561ca0dea73901d7da
SHA512

742d6204eb3e045d49f0677e3ebd7005897a1a59b3b3323191ba0ac77c930e6016f2330aae82bcad49c304955e0aec1a447ab4cb3122232c9a2332829e64128c
SSDEEP

6144:SB149EicyHA27X+2dJZgwvJtw0kbqOIC5oT4QasRO7voWmH8b3T7:SX49zcyz7X+2t00ktF5o5dOjucbD7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27
PID 1416 wrote to memory of 1224	1416	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9aaa72c4af2ad9a36a613f7e1a09f60096b8ad3015a081561ca0dea73901d7da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9aaa72c4af2ad9a36a613f7e1a09f60096b8ad3015a081561ca0dea73901d7da.dll,#1
  2⤵
  PID:1224

memory/1224-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download
memory/1224-56-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download