afd906dd49fe83976628a0640ddbea50bccf2f1083605245af74450361fd3efb

Analysis

max time kernel
57s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 08:54

Target

afd906dd49fe83976628a0640ddbea50bccf2f1083605245af74450361fd3efb.dll
Size

288KB
MD5

8b49aaa9a767ab306ede4fe31db40850
SHA1

a805600e400574b61b69ea86ddc37f95ad855a97
SHA256

afd906dd49fe83976628a0640ddbea50bccf2f1083605245af74450361fd3efb
SHA512

beb927ebbbd2a7efd416fb9030185a831bb483c9e929275423e04113d3daa43fe6d34bc9575cd81f7b7e53d3d9405d61203ad6833d7173d1597a0eed984d9c98
SSDEEP

6144:ZdMJ8kW+AvBMG6G38m4T+9hQ12ObBScrZSwLQ5h90x4hm3KsxpRef:y8kW+AeG6GMmhc12HcrswLQ5q3BY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28
PID 1712 wrote to memory of 1156	1712	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afd906dd49fe83976628a0640ddbea50bccf2f1083605245af74450361fd3efb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afd906dd49fe83976628a0640ddbea50bccf2f1083605245af74450361fd3efb.dll,#1
  2⤵
  PID:1156

memory/1156-55-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download