ab5bfe5e76fdbbaa59545a05c315e74246477dd19f00c4cdb09afb73e5eb6da2

Analysis

max time kernel
94s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 03:29

Target

ab5bfe5e76fdbbaa59545a05c315e74246477dd19f00c4cdb09afb73e5eb6da2.dll
Size

61KB
MD5

caffc24086fd7f859f752a4a38608848
SHA1

4cd4abc5f45ccbeec379e9444b8513eecdfd288c
SHA256

ab5bfe5e76fdbbaa59545a05c315e74246477dd19f00c4cdb09afb73e5eb6da2
SHA512

30831937c7dab483e243d99ee0286d7ccdc03acdb53d5e8a25ccf27c7cc4d81e0acc25209a012a0a44a0a6176838c95c0ee535672fe9b78dd28d7ee758702282
SSDEEP

1536:4XkTnJx7Y3F8+00vmoRYVmuQo5pCSVOjPcwtpDxvax2:SKJxe8++Uur5oj5t9xvax2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 336	892	rundll32.exe	28
PID 892 wrote to memory of 336	892	rundll32.exe	28
PID 892 wrote to memory of 336	892	rundll32.exe	28
PID 892 wrote to memory of 336	892	rundll32.exe	28
PID 892 wrote to memory of 336	892	rundll32.exe	28
PID 892 wrote to memory of 336	892	rundll32.exe	28
PID 892 wrote to memory of 336	892	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab5bfe5e76fdbbaa59545a05c315e74246477dd19f00c4cdb09afb73e5eb6da2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab5bfe5e76fdbbaa59545a05c315e74246477dd19f00c4cdb09afb73e5eb6da2.dll,#1
  2⤵
  PID:336

memory/336-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download