abf25448fcdf9396f140da6e0564f4d000066b2310256e994d0e487990d6cdf8

Analysis

max time kernel
18s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 03:50

Target

abf25448fcdf9396f140da6e0564f4d000066b2310256e994d0e487990d6cdf8.dll
Size

1.1MB
MD5

a22901925c0fef33559f521985019760
SHA1

7b4abc148c8e0cb80264304d91ed63e4812007df
SHA256

abf25448fcdf9396f140da6e0564f4d000066b2310256e994d0e487990d6cdf8
SHA512

3ee53d4eb53b10bc6c8312e458f3bff6551eb870844ab41462f19b512e09756145d96fd2621c260407d26c63bed4b36a4a7124e4915565a6bbf62e013e36a020
SSDEEP

24576:rnhiZ7wj0TdQozyibFyBpQ02elQ9et/6kd5:rnhI7wj0TdQo5ipQ0vlQgia5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe
PID 1236 wrote to memory of 1332	1236	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abf25448fcdf9396f140da6e0564f4d000066b2310256e994d0e487990d6cdf8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abf25448fcdf9396f140da6e0564f4d000066b2310256e994d0e487990d6cdf8.dll,#1
  2⤵
  PID:1332

memory/1332-54-0x0000000000000000-mapping.dmp

Download
memory/1332-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download