4fabd905aaf465f1874665c672cc1edb4f116387f3ecbdaf530f2cef6aca0289

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:12

Target

4fabd905aaf465f1874665c672cc1edb4f116387f3ecbdaf530f2cef6aca0289.dll
Size

161KB
MD5

699e2980024a591b39ddfa3bf77b0650
SHA1

dbc91b95dddccc0bf455f1201a8d3561a0640541
SHA256

4fabd905aaf465f1874665c672cc1edb4f116387f3ecbdaf530f2cef6aca0289
SHA512

8b2912e22f2e6e572e5a55860c476d43c61d68dc49f2497106343625a3eb73868bdd102f3157ba9013c34f8da46c197cadf95ddda5b905b1db88cf3f8fb84d94
SSDEEP

1536:btItIJkuvfZ/AuwBFOoF3vxAKUASJLXJMXqT5WYjwa82bcVgSnB2+O/AQt:RSyxvfGBwwOJcai5nO/A8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 944	1696	rundll32.exe	27
PID 1696 wrote to memory of 944	1696	rundll32.exe	27
PID 1696 wrote to memory of 944	1696	rundll32.exe	27
PID 1696 wrote to memory of 944	1696	rundll32.exe	27
PID 1696 wrote to memory of 944	1696	rundll32.exe	27
PID 1696 wrote to memory of 944	1696	rundll32.exe	27
PID 1696 wrote to memory of 944	1696	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fabd905aaf465f1874665c672cc1edb4f116387f3ecbdaf530f2cef6aca0289.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fabd905aaf465f1874665c672cc1edb4f116387f3ecbdaf530f2cef6aca0289.dll,#1
  2⤵
  PID:944

memory/944-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/944-56-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download