9af59edae2d9755f0a9e6768436242eacde901e10000dfcc8cfbf29c8d72463f

Analysis

max time kernel
41s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 05:43

Target

9af59edae2d9755f0a9e6768436242eacde901e10000dfcc8cfbf29c8d72463f.dll
Size

49KB
MD5

cd8ae64a26548e4285f03dbfc03c79c0
SHA1

d8ce845fe8cc33850b479be0915f6752894a26b7
SHA256

9af59edae2d9755f0a9e6768436242eacde901e10000dfcc8cfbf29c8d72463f
SHA512

e7c3303eb7f080744db7499c1203968ea0aca3e437afb77142b2e05e63ea164bbb87994b11554f5dc86eeafb1baecdf0dd83ead64a657e5f70429e0c0aa19cfc
SSDEEP

768:dz6aW9P7GUNtUguUsGm3p1DsEo6kEI2pjsC6OAexqCMF+sATjx+2F0m6aQ:dz619z/KgCGm3gl6ndoCRt8F+nTvyZaQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28
PID 2016 wrote to memory of 1384	2016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9af59edae2d9755f0a9e6768436242eacde901e10000dfcc8cfbf29c8d72463f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9af59edae2d9755f0a9e6768436242eacde901e10000dfcc8cfbf29c8d72463f.dll,#1
  2⤵
  PID:1384

memory/1384-54-0x0000000000000000-mapping.dmp

Download
memory/1384-55-0x0000000076AE1000-0x0000000076AE3000-memory.dmp

Filesize
8KB

Download
memory/1384-56-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/1384-57-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/1384-58-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/1384-59-0x0000000000140000-0x0000000000145000-memory.dmp

Filesize
20KB

Download