8aff3e755bfdbab3f3c06c6929ed7c98064af4560c138ac0a7a464d0ab95625e

Analysis

max time kernel
13s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 01:45

Target

8aff3e755bfdbab3f3c06c6929ed7c98064af4560c138ac0a7a464d0ab95625e.dll
Size

37KB
MD5

3f7fd91c78b501a7b9828328f04a3a2c
SHA1

559b4ee6e1d2e54e5c13d7c9849a83feb709ba62
SHA256

8aff3e755bfdbab3f3c06c6929ed7c98064af4560c138ac0a7a464d0ab95625e
SHA512

a7cd299dfbb361390e8173490eb5fb7dadf47e5fb9c37b95f80a51b89ccbb2a9b4adba56314010b9e2c003312fbf2b3957c69df247c124677a9a732ec04cc372
SSDEEP

768:SpttgI3lDitWDX1x21xma6WA9d03TuJXIBX/hNH:Sxbue1x2qabA9doR

Score

1^/10

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1056 wrote to memory of 268	1056	rundll32.exe	29
PID 1056 wrote to memory of 268	1056	rundll32.exe	29
PID 1056 wrote to memory of 268	1056	rundll32.exe	29
PID 1056 wrote to memory of 268	1056	rundll32.exe	29
PID 268 wrote to memory of 2020	268	net.exe	31
PID 268 wrote to memory of 2020	268	net.exe	31
PID 268 wrote to memory of 2020	268	net.exe	31
PID 268 wrote to memory of 2020	268	net.exe	31
PID 1056 wrote to memory of 2032	1056	rundll32.exe	32
PID 1056 wrote to memory of 2032	1056	rundll32.exe	32
PID 1056 wrote to memory of 2032	1056	rundll32.exe	32
PID 1056 wrote to memory of 2032	1056	rundll32.exe	32
PID 2032 wrote to memory of 2028	2032	net.exe	34
PID 2032 wrote to memory of 2028	2032	net.exe	34
PID 2032 wrote to memory of 2028	2032	net.exe	34
PID 2032 wrote to memory of 2028	2032	net.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8aff3e755bfdbab3f3c06c6929ed7c98064af4560c138ac0a7a464d0ab95625e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8aff3e755bfdbab3f3c06c6929ed7c98064af4560c138ac0a7a464d0ab95625e.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\SysWOW64\net.exe
    net stop winss
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop winss
      4⤵
      PID:2020
- - C:\Windows\SysWOW64\net.exe
    net stop OcHealthMon
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop OcHealthMon
      4⤵
      PID:2028

memory/1056-55-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download