ab28db0640d7d6f54aa42638dfe638dee4ca9939a7904014b797485064e46879

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:00

Target

ab28db0640d7d6f54aa42638dfe638dee4ca9939a7904014b797485064e46879.dll
Size

60KB
MD5

a1285657461f5a3594013a7d9179427a
SHA1

04999afb50375372a90edd716fae86cb9f369d98
SHA256

ab28db0640d7d6f54aa42638dfe638dee4ca9939a7904014b797485064e46879
SHA512

739589b4b57688fd6a12f9f12f3479827aa920ca50ef3ca0261e595344a6052cb8dde0aa5c6ea708e824b74179d421c8ef66a61e5962181086880599fa9a9870
SSDEEP

768:OCX+Ni+QwobesZSiKlszXhahFUsr6Fq4obn3QqcVJ:Is8oisZSFEsz5WborQq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 1340	1964	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab28db0640d7d6f54aa42638dfe638dee4ca9939a7904014b797485064e46879.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab28db0640d7d6f54aa42638dfe638dee4ca9939a7904014b797485064e46879.dll,#1
2⤵
PID:1340

memory/1340-54-0x0000000000000000-mapping.dmp

Download
memory/1340-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download