ab39906301c85bcda901811c8e65c21d029a192ee883f4698a01d1a86b3f05cb

Analysis

max time kernel
45s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 15:38

Target

ab39906301c85bcda901811c8e65c21d029a192ee883f4698a01d1a86b3f05cb.dll
Size

95KB
MD5

e5a11285dbcae1d76fe49694d64bc441
SHA1

0328e1a697d088b0e4e8f12a2224fd3a4fe6b441
SHA256

ab39906301c85bcda901811c8e65c21d029a192ee883f4698a01d1a86b3f05cb
SHA512

77946c4ce4b987204447ed8d5bf7351840fdfcc8a883179c360d7ff9b54ec7dc673f33e677f04d6e4ef7fef3556a6292d9f3e478a8ee7ce740ba5d595cb464e9
SSDEEP

1536:WfmZegFcSVLkPHUn8asr4s6iZdNmuqVcz+7fkwa4fsf5kwV:TZegFcCLd8asrT6i1qVc+LkwaDkwV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27
PID 1652 wrote to memory of 1288	1652	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab39906301c85bcda901811c8e65c21d029a192ee883f4698a01d1a86b3f05cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab39906301c85bcda901811c8e65c21d029a192ee883f4698a01d1a86b3f05cb.dll,#1
  2⤵
  PID:1288

memory/1288-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download