7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 18:17

Target

7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574.dll
Size

328KB
MD5

595b59bbab5579bab0de553939cadde0
SHA1

12a00978aad180de7758c86de0a2bd53b7962cb4
SHA256

7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574
SHA512

13c7a270e0823b3ff8cd72312098ce446cc39bb4ec27cd97c435ead13890772150f428da655e06503032c4cc0d7d6e4e0b8dee5cffb11573c96b21204d60dddf
SSDEEP

6144:piNrTigFoCmqkge1TcTX5JE0Ax7VjzgaXTALneyxFU4P7aG8vTS7MC:gNftwgedcTXEzx7Vj0wTAjRb+vu7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27
PID 1464 wrote to memory of 816	1464	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7faf59de5cd76017d4da9c8e70c39f5f472059df07e9f328cd78a5d7aceae574.dll,#1
  2⤵
  PID:816

memory/816-54-0x0000000000000000-mapping.dmp

Download
memory/816-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download
memory/816-56-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download