7ab559011c86261ad5c0a9ffc5d16c45314f562d7edfcf5da2219a4fd0c20856

Analysis

max time kernel
70s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 22:32

Target

7ab559011c86261ad5c0a9ffc5d16c45314f562d7edfcf5da2219a4fd0c20856.dll
Size

71KB
MD5

6c98b5349a16a3d0641d7d4dad368c03
SHA1

22ea265dc1424a580d53f642d3c00371a2f28fe4
SHA256

7ab559011c86261ad5c0a9ffc5d16c45314f562d7edfcf5da2219a4fd0c20856
SHA512

56c1193d838902f62226db5bdde40b2d5aef5d7503c300ae8209b0cf712e7e3467b2f2bf2fbec34d1d1d821f392095f454e1422c2a1f4537d0e36d93c13db47f
SSDEEP

1536:WEq7WJJuh9UluLkOhVqXnYZUSDq3SkV5RsXiP:2WnufUo4OyXEwtaXiP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 3172	5080	rundll32.exe	81
PID 5080 wrote to memory of 3172	5080	rundll32.exe	81
PID 5080 wrote to memory of 3172	5080	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab559011c86261ad5c0a9ffc5d16c45314f562d7edfcf5da2219a4fd0c20856.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ab559011c86261ad5c0a9ffc5d16c45314f562d7edfcf5da2219a4fd0c20856.dll,#1
  2⤵
  PID:3172

memory/3172-133-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3172-134-0x00000000014F0000-0x0000000001505000-memory.dmp

Filesize
84KB

Download
memory/3172-135-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3172-136-0x00000000014F0000-0x0000000001505000-memory.dmp

Filesize
84KB

Download