aef751891e71e83d8bb8f3c3473cc2377e69184f5fd5f954776c4b564bc8bd79

Analysis

max time kernel
232s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:31

Target

aef751891e71e83d8bb8f3c3473cc2377e69184f5fd5f954776c4b564bc8bd79.dll
Size

7KB
MD5

a2703d3acb30709513bd98f2ac78bc20
SHA1

aa499760ce92126b0584e4bde59ac8cc8709eba9
SHA256

aef751891e71e83d8bb8f3c3473cc2377e69184f5fd5f954776c4b564bc8bd79
SHA512

d81de1644b45463353fc6c98b7958ac5d5cc11d8c5d45917e68f9e950e6cd377485239a13ab7e1d3ae4c75e58eef2ae510d05bcce3ec262c23099f20a75b4409
SSDEEP

96:FurYVbs15rZ+TMz6ZTHNu2a8+x9G3G1c/YFAWc5Q2L2vH7OcL+9IZENBefRZm/wd:F746TMz9BGF/YFAWcK2L2TOci9I2Be3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 852	876	rundll32.exe	28
PID 876 wrote to memory of 852	876	rundll32.exe	28
PID 876 wrote to memory of 852	876	rundll32.exe	28
PID 876 wrote to memory of 852	876	rundll32.exe	28
PID 876 wrote to memory of 852	876	rundll32.exe	28
PID 876 wrote to memory of 852	876	rundll32.exe	28
PID 876 wrote to memory of 852	876	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aef751891e71e83d8bb8f3c3473cc2377e69184f5fd5f954776c4b564bc8bd79.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aef751891e71e83d8bb8f3c3473cc2377e69184f5fd5f954776c4b564bc8bd79.dll,#1
  2⤵
  PID:852

memory/852-55-0x0000000076771000-0x0000000076773000-memory.dmp

Filesize
8KB

Download