af8e7a7c7e1b70ad226bceb848f1f37469deac563fe807496968d3d3392bdde3

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 21:38

Target

af8e7a7c7e1b70ad226bceb848f1f37469deac563fe807496968d3d3392bdde3.dll
Size

147KB
MD5

2c433c125c48efc6a8c1243173589efe
SHA1

e8479d000f0dae4e69863aabecb0881da45a4133
SHA256

af8e7a7c7e1b70ad226bceb848f1f37469deac563fe807496968d3d3392bdde3
SHA512

9900a0b1d318e49f9f7d2ca33ac0399e0c6d049d35727fe93e61fdafed46cc30e78b5822ad61f1df6ccb427fd626a7f5c2bfdf6ffd4c66dc5f41933175cbc5bf
SSDEEP

3072:c7R3s0AOxwEjYX8uEWNhKumrGudt6Wa0/6Nd:c7R3s5OqEjYXZ/hKurudD/6Nd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27
PID 1652 wrote to memory of 1072	1652	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af8e7a7c7e1b70ad226bceb848f1f37469deac563fe807496968d3d3392bdde3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af8e7a7c7e1b70ad226bceb848f1f37469deac563fe807496968d3d3392bdde3.dll,#1
  2⤵
  PID:1072

memory/1072-54-0x0000000000000000-mapping.dmp

Download
memory/1072-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1072-56-0x0000000000330000-0x000000000035A000-memory.dmp

Filesize
168KB

Download
memory/1072-57-0x0000000000330000-0x000000000035A000-memory.dmp

Filesize
168KB

Download