af1241f2e5170c9310da8b3244778873ecc2250434e50fec6a1037beb12c3d83

Analysis

max time kernel
35s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:50

Target

af1241f2e5170c9310da8b3244778873ecc2250434e50fec6a1037beb12c3d83.dll
Size

6KB
MD5

1f7014beca5f1622060c7915712d2af0
SHA1

d60f5b5b4d1c7918001eee341e99271de6da9e35
SHA256

af1241f2e5170c9310da8b3244778873ecc2250434e50fec6a1037beb12c3d83
SHA512

3b8e93b5b810c87abdc50c376c7f0390aca643ef00dc56c3413d92e8d5267734a1fe9b45a2d8d1a629a280bc4668a6d062dc5167a7556d822b7b64714615c43d
SSDEEP

96:nEY2RrF1eqwi4BBZJprl6bSWSbzl62G6:EHRh1epp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27
PID 1208 wrote to memory of 1620	1208	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af1241f2e5170c9310da8b3244778873ecc2250434e50fec6a1037beb12c3d83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af1241f2e5170c9310da8b3244778873ecc2250434e50fec6a1037beb12c3d83.dll,#1
  2⤵
  PID:1620

memory/1620-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download