aafe18f1e63d123d1543d43c09a3e2443e5ef79722b91fb09700e1654a21919b

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 00:06

Target

aafe18f1e63d123d1543d43c09a3e2443e5ef79722b91fb09700e1654a21919b.dll
Size

88KB
MD5

e59d7bf0af172acad3e4c837e92d991b
SHA1

3adb108ff6a830ba40d9473dc8b977f0b86db516
SHA256

aafe18f1e63d123d1543d43c09a3e2443e5ef79722b91fb09700e1654a21919b
SHA512

198735e04845ba438c4f26b89aedfb2cfe5f7069f92eaeca9cc7d7d53e87ec8e7ee46da476ba2dbab86d758dc3fd795fc03f4ef4f19d00d8eae8bfcd6a0ef8f7
SSDEEP

1536:fcV6pUva5kAVnEBlweQAioxnqJHU4+t+8zoFmB7jK+SrL/2wTAXfg:fcVafVELweVPnqJHc+r9L/2wcXI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aafe18f1e63d123d1543d43c09a3e2443e5ef79722b91fb09700e1654a21919b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aafe18f1e63d123d1543d43c09a3e2443e5ef79722b91fb09700e1654a21919b.dll,#1
  2⤵
  PID:1672

memory/1672-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/1672-56-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download