3aa9f65a415b0d258c53f3bacfb71459a95582b8b8bbb05cd051eb5d0e295765

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:03

Target

3aa9f65a415b0d258c53f3bacfb71459a95582b8b8bbb05cd051eb5d0e295765.dll
Size

4KB
MD5

2945a3f4684a9880cd022c2b929fb140
SHA1

534c0fbb47bfacf1ecea89742d29a458843d968c
SHA256

3aa9f65a415b0d258c53f3bacfb71459a95582b8b8bbb05cd051eb5d0e295765
SHA512

3cb5255102177457c80a353b137e1ac8b693dc87b0644e4d6dfdc171a6f977881958de02ffdeeea821a2b4706e9ae1d32e7cee6827f0296b2f7c0ff43f9c84f2
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+Lf5Yf0dsbQU1041EN68X/OZ1pYwB0V1M+:TRphMzf8xYfcs8A04uN68X/CTl61M+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28
PID 1088 wrote to memory of 1668	1088	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aa9f65a415b0d258c53f3bacfb71459a95582b8b8bbb05cd051eb5d0e295765.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aa9f65a415b0d258c53f3bacfb71459a95582b8b8bbb05cd051eb5d0e295765.dll,#1
  2⤵
  PID:1668

memory/1668-55-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download