ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85

Analysis

max time kernel
58s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:00

Target

ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll
Size

68KB
MD5

8985d73f08638b4b48ecd30759c9e53f
SHA1

400a90c9eabeb94ae05e5036e21dc922b0c1ffad
SHA256

ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85
SHA512

b97c0e2922f9cdfe8f0f01b4ddb261f0ffb29a91f769ebd3f86ea8bf058073068b49d4490ae2aa3cd25dfbef1db138b982c94a0dce484781a7c7551d7c3fa4b2
SSDEEP

1536:Mmw46ETnLFn4pSM+Mx3P+oX9AgKoT7e7BS:MmLJLFn4pSMVx3P+mNKoTAo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe
PID 2028 wrote to memory of 296	2028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll,#1
2⤵
PID:296

memory/296-54-0x0000000000000000-mapping.dmp

Download
memory/296-55-0x0000000076391000-0x0000000076393000-memory.dmp

Filesize
8KB

Download