7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c

Analysis

max time kernel
37s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:55

Target

7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll
Size

10KB
MD5

5ef36e9204afcf4b4976b58d57aa1c64
SHA1

ea82e8679ad93ba13ef011953b4b5b483f6cd08a
SHA256

7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c
SHA512

1250ba885651f8855b884f06ef42e9b06285b0776512586720399c43848b85059bc5b3309804cf71cf4f581da391087f6d8398a819c20732b756509322511ef4
SSDEEP

192:Fw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w9wv:ndHad/N20IypWak8dWiWak8EdWN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 676	1120	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll,#1
2⤵
PID:676

memory/676-54-0x0000000000000000-mapping.dmp

Download
memory/676-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/676-56-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download