aabb79dd0b6526e922685c4af896a9b01b78f8aaef96580577a96ea276361d35

Analysis

max time kernel
41s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 19:46

Target

aabb79dd0b6526e922685c4af896a9b01b78f8aaef96580577a96ea276361d35.dll
Size

139KB
MD5

fd91dfa77d8d25af21d834bd2ce2f500
SHA1

f1f62a800ede94033a3be56e20b3150df04dffc5
SHA256

aabb79dd0b6526e922685c4af896a9b01b78f8aaef96580577a96ea276361d35
SHA512

94d4e18822b9fa05d425e7ec53c21071d69137cd0cf79b8275e3d20c50a0cd723e68c8e14d48072b5564f0c4fa3bf4bbfefc736d41c19842cacbd8fc271273b0
SSDEEP

3072:sZIvGS1ndIxmTULVOccpIxNnA5vxUBMcFll0st:sZqIxmTUvXzMvSpEst

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 856	1252	rundll32.exe	28
PID 1252 wrote to memory of 856	1252	rundll32.exe	28
PID 1252 wrote to memory of 856	1252	rundll32.exe	28
PID 1252 wrote to memory of 856	1252	rundll32.exe	28
PID 1252 wrote to memory of 856	1252	rundll32.exe	28
PID 1252 wrote to memory of 856	1252	rundll32.exe	28
PID 1252 wrote to memory of 856	1252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aabb79dd0b6526e922685c4af896a9b01b78f8aaef96580577a96ea276361d35.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aabb79dd0b6526e922685c4af896a9b01b78f8aaef96580577a96ea276361d35.dll,#1
  2⤵
  PID:856

memory/856-54-0x0000000000000000-mapping.dmp

Download
memory/856-55-0x00000000760D1000-0x00000000760D3000-memory.dmp

Filesize
8KB

Download