abf1b2ffb79bf37aab9fb46d1ff1b992eef593d837df68ee2c45a87bcd846266

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 03:26

Target

abf1b2ffb79bf37aab9fb46d1ff1b992eef593d837df68ee2c45a87bcd846266.dll
Size

11KB
MD5

eacf9a765596dc2f9df053c8ef8b3650
SHA1

ca2417c0c7cfdf079020b6ef424940f39e2402dd
SHA256

abf1b2ffb79bf37aab9fb46d1ff1b992eef593d837df68ee2c45a87bcd846266
SHA512

9c24a4f4cee8a93a6ea128a3e563b988aa531331224ce6533ee05c57017116a64a2bd223e317213e7ef221f4018fd874ef179646020d34b27192be2367b913f5
SSDEEP

192:0HfwgsCKRo7I5Gfhom6W22SpOHeCUHBh7GbGFnPHAvVThrWVW:0nsvo05Hmf2gebB1qRpWVW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1744	948	rundll32.exe	27
PID 948 wrote to memory of 1744	948	rundll32.exe	27
PID 948 wrote to memory of 1744	948	rundll32.exe	27
PID 948 wrote to memory of 1744	948	rundll32.exe	27
PID 948 wrote to memory of 1744	948	rundll32.exe	27
PID 948 wrote to memory of 1744	948	rundll32.exe	27
PID 948 wrote to memory of 1744	948	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abf1b2ffb79bf37aab9fb46d1ff1b992eef593d837df68ee2c45a87bcd846266.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abf1b2ffb79bf37aab9fb46d1ff1b992eef593d837df68ee2c45a87bcd846266.dll,#1
  2⤵
  PID:1744

memory/1744-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download