ab6a1f3f690f0951c9a28bd68553f23f22125d2c5a1bacb5551598add8462b36

Analysis

max time kernel
20s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24/11/2022, 00:44

Target

ab6a1f3f690f0951c9a28bd68553f23f22125d2c5a1bacb5551598add8462b36.dll
Size

4KB
MD5

4dc87e451c503d26fe8dd8bd6c63d4b1
SHA1

b351bd0a2a0ad1d530f4556686326f21207e0061
SHA256

ab6a1f3f690f0951c9a28bd68553f23f22125d2c5a1bacb5551598add8462b36
SHA512

efeaf3f0b5e71aa87f5639fcd38993917f26194d6c4ab3ed23012239b8595a49fd7e04ff40f3d4fa6b66c39914c961ebc8b6adea10a2aaebb86a9b54b24263bb
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKi/eLIgPAzjjhKIXJpd7:PT3r2vu9jAAzjV5XJpd7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 272 wrote to memory of 1728	272	rundll32.exe	28
PID 272 wrote to memory of 1728	272	rundll32.exe	28
PID 272 wrote to memory of 1728	272	rundll32.exe	28
PID 272 wrote to memory of 1728	272	rundll32.exe	28
PID 272 wrote to memory of 1728	272	rundll32.exe	28
PID 272 wrote to memory of 1728	272	rundll32.exe	28
PID 272 wrote to memory of 1728	272	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab6a1f3f690f0951c9a28bd68553f23f22125d2c5a1bacb5551598add8462b36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab6a1f3f690f0951c9a28bd68553f23f22125d2c5a1bacb5551598add8462b36.dll,#1
  2⤵
  PID:1728

memory/1728-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download