dab27262ce9c4439ba1146592daf5c4078c17543b3d258965c2165a8e79f92ec

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 07:14

Target

dab27262ce9c4439ba1146592daf5c4078c17543b3d258965c2165a8e79f92ec.dll
Size

32KB
MD5

37ef7d1f34576a7b30412b8bda30ac7c
SHA1

5203dd7f6eb0fabb515bb726cfcad4149274fb7d
SHA256

dab27262ce9c4439ba1146592daf5c4078c17543b3d258965c2165a8e79f92ec
SHA512

f37b1e3f7c9f6f6874f426b1c6f18af32ab6c28532f1bd4ed69675c790eb5bfa19672190dcc73a362ecdb02a4cacfa7ce9ac55827b1248c777645f3de8ed6466
SSDEEP

384:KWRxD56W1rRy2408lh/jkcIRagzN5wj7D77iYfiIuIzawYJFJLCRCkI8a:/1QWtHd8PZIaaN5kD75KINzhqDmRCkIT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27
PID 1204 wrote to memory of 1344	1204	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dab27262ce9c4439ba1146592daf5c4078c17543b3d258965c2165a8e79f92ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dab27262ce9c4439ba1146592daf5c4078c17543b3d258965c2165a8e79f92ec.dll,#1
  2⤵
  PID:1344

memory/1344-54-0x0000000000000000-mapping.dmp

Download
memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download