b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 14:47

Target

b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae.dll
Size

33KB
MD5

541befe274c45704919a15ddafb27063
SHA1

189ce23320622e0ffd17970cdc0d791743d2c81e
SHA256

b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae
SHA512

829bbc440b5a775dc937847fcccbd0115ebc950b265b7602eb3f8b466611e963c622fe26794867b587ebece8ce6432200310fdf0a017b4d7435a227ab934cba1
SSDEEP

384:Xp0y/CgGfReM8DDxeIyXGZCgGfrSU6BBST:GjReRD9eIyXGqG/BBk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 840	1000	rundll32.exe	27
PID 1000 wrote to memory of 840	1000	rundll32.exe	27
PID 1000 wrote to memory of 840	1000	rundll32.exe	27
PID 1000 wrote to memory of 840	1000	rundll32.exe	27
PID 1000 wrote to memory of 840	1000	rundll32.exe	27
PID 1000 wrote to memory of 840	1000	rundll32.exe	27
PID 1000 wrote to memory of 840	1000	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae.dll,#1
  2⤵
  PID:840

memory/840-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download
memory/840-56-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/840-57-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/840-58-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download