af439adda8705e071e087351a4e1cf82b322841f8330eed0020ebea7c6a84704

Analysis

max time kernel
294s
max time network
412s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 08:57

Target

af439adda8705e071e087351a4e1cf82b322841f8330eed0020ebea7c6a84704.dll
Size

769KB
MD5

8a2e2855645df9c5e1a9e4f40fc9a13b
SHA1

8d8fa5b3b1748e9d17dc190f4fb38e3bc34e71a4
SHA256

af439adda8705e071e087351a4e1cf82b322841f8330eed0020ebea7c6a84704
SHA512

fcbaff292e9d2f973e9243fece84bf29725bf03294735561603bb13a5d8f8271410d1a5a6a07c65f3e1cb9482248210db9e54065d71bde4a56c90f5800a5bb51
SSDEEP

12288:VfstTT3ZxCNfd4fCNNZAKESVc0n143cAYuRvhfWN7ToN9g9BJ:OB9x2fd+w7tqVXvhfWN7ToNSv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1512	864	rundll32.exe	27
PID 864 wrote to memory of 1512	864	rundll32.exe	27
PID 864 wrote to memory of 1512	864	rundll32.exe	27
PID 864 wrote to memory of 1512	864	rundll32.exe	27
PID 864 wrote to memory of 1512	864	rundll32.exe	27
PID 864 wrote to memory of 1512	864	rundll32.exe	27
PID 864 wrote to memory of 1512	864	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af439adda8705e071e087351a4e1cf82b322841f8330eed0020ebea7c6a84704.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af439adda8705e071e087351a4e1cf82b322841f8330eed0020ebea7c6a84704.dll,#1
  2⤵
  PID:1512

memory/1512-54-0x0000000000000000-mapping.dmp

Download
memory/1512-55-0x0000000075671000-0x0000000075673000-memory.dmp

Filesize
8KB

Download
memory/1512-56-0x00000000002F0000-0x00000000003B7000-memory.dmp

Filesize
796KB

Download