9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad

Analysis

max time kernel
225s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 08:10

Target

9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad.dll
Size

396KB
MD5

bc21507477e42e57e8db0fdbe968ee2a
SHA1

34e09a80749bd52caac5b853c83a8b96b84a4626
SHA256

9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad
SHA512

a9d1ca1056ec9836706f4064feee62fc42d9fa40894af4da3b23513d56754268a9a595d0bb33e0b73f489effd425d665f2038c9c499db6ec2413bfe92ef18523
SSDEEP

12288:F5k73qcAv4KSRaalT1bbTRQmGERzeh4ffBN8famTI:MrQv4tRaa91bbfGERY4fpNqaUI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 600	772	rundll32.exe	27
PID 772 wrote to memory of 600	772	rundll32.exe	27
PID 772 wrote to memory of 600	772	rundll32.exe	27
PID 772 wrote to memory of 600	772	rundll32.exe	27
PID 772 wrote to memory of 600	772	rundll32.exe	27
PID 772 wrote to memory of 600	772	rundll32.exe	27
PID 772 wrote to memory of 600	772	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad.dll,#1
  2⤵
  PID:600

memory/600-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/600-56-0x00000000006D0000-0x000000000073D000-memory.dmp

Filesize
436KB

Download