aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 01:51 UTC

Target

aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a.dll
Size

32KB
MD5

33b334a8970c81622d165b857b842090
SHA1

ddadb2fecbd5112d4eafd0eaa6bd1b199280f840
SHA256

aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a
SHA512

a8b47ef783a11bb974e0547d28b6395aad9cd829118d7c0a504f8caca5bb47dc81ad0cdaa46229afaabb082de51c01600936b9443475350cd718021f67698029
SSDEEP

768:oIh6p/HSZlfvKppbJ17vyfrxOVOGKLRqMjGf:96pNppj7afryERqMjGf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 932	1072	rundll32.exe	27
PID 1072 wrote to memory of 932	1072	rundll32.exe	27
PID 1072 wrote to memory of 932	1072	rundll32.exe	27
PID 1072 wrote to memory of 932	1072	rundll32.exe	27
PID 1072 wrote to memory of 932	1072	rundll32.exe	27
PID 1072 wrote to memory of 932	1072	rundll32.exe	27
PID 1072 wrote to memory of 932	1072	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a.dll,#1
  2⤵
  PID:932

memory/932-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download