4ab828bb9a7b097e1d786a4f55872a2d37046bf60f424559d97db6ccc4d222da

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:09

Target

4ab828bb9a7b097e1d786a4f55872a2d37046bf60f424559d97db6ccc4d222da.dll
Size

1.3MB
MD5

f0ad75591a2c9aeae6b70bae10324f11
SHA1

4c8ea5cf14f8a6ae76dad900f5d23fa8ecc097d7
SHA256

4ab828bb9a7b097e1d786a4f55872a2d37046bf60f424559d97db6ccc4d222da
SHA512

c2c9459230c3af04676d06d3ff9476f95bca74ddefd718c06a0a90298a1156b4b080d89dc0647064f7a8b8a6c98dd9bdd27f5a5e40680e9c79525cdb118680a8
SSDEEP

24576:i9cKNnS2asZhPy2nJgwoWS2CrNMEPisarQ8eqfajP9u9meNFDRE1eiYFsd4:HKNS2t7nJgWSjrNMESijemeTyBV4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe
PID 992 wrote to memory of 928	992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ab828bb9a7b097e1d786a4f55872a2d37046bf60f424559d97db6ccc4d222da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ab828bb9a7b097e1d786a4f55872a2d37046bf60f424559d97db6ccc4d222da.dll,#1
2⤵
PID:928

memory/928-54-0x0000000000000000-mapping.dmp

Download
memory/928-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download
memory/928-56-0x0000000000850000-0x00000000009CF000-memory.dmp

Filesize
1.5MB

Download
memory/928-57-0x0000000000850000-0x0000000000911000-memory.dmp

Filesize
772KB

Download