aaeb535844c0fd9283c7e92ab6673fe5a41e7a6010d8a13c45d431dbc3c68a6c

Analysis

max time kernel
77s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:06

Target

aaeb535844c0fd9283c7e92ab6673fe5a41e7a6010d8a13c45d431dbc3c68a6c.dll
Size

5KB
MD5

5be9be6aed1377033b8f5fd95b9cfa60
SHA1

e7bdc406a3835de4300b87106f15af992da34e42
SHA256

aaeb535844c0fd9283c7e92ab6673fe5a41e7a6010d8a13c45d431dbc3c68a6c
SHA512

446d152114fec3c421589d8a5a83d8866985006967a97bcdd851e05e1d59ae8b90cab40a4a6230b79bac3063c9e1fd41307fd2e233f401290cb84889b7a9020c
SSDEEP

48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXrkZU8:1h9jTqMMrY0OI/KYyznSMuL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe
PID 1384 wrote to memory of 1680	1384	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaeb535844c0fd9283c7e92ab6673fe5a41e7a6010d8a13c45d431dbc3c68a6c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaeb535844c0fd9283c7e92ab6673fe5a41e7a6010d8a13c45d431dbc3c68a6c.dll,#1
2⤵
PID:1680

memory/1680-54-0x0000000000000000-mapping.dmp

Download
memory/1680-55-0x0000000075671000-0x0000000075673000-memory.dmp

Filesize
8KB

Download