abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba

Analysis

max time kernel
45s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 09:21

Target

abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba.dll
Size

60KB
MD5

b787fbc8ce368ec764443072e981e66d
SHA1

882f9ff531822b60ae51b185ed89eb7059876086
SHA256

abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba
SHA512

5344dcd6c246d0f2d080b9442e392b9e962674c55c5fd21e6d7a955f85659abe8760407e85ad47bb117b4a208f0de0841de8fc797ea8889f99d8dd2da5e78e28
SSDEEP

768:e9htYuxxMz4m/0+m45dC66lsgrgipeaddlrTpEMaqZFI6rF2zRb1sueIxz9IsSnH:kVSzqiAls+gi0wvphy8F2zRb1suL9cH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 932	976	rundll32.exe	28
PID 976 wrote to memory of 932	976	rundll32.exe	28
PID 976 wrote to memory of 932	976	rundll32.exe	28
PID 976 wrote to memory of 932	976	rundll32.exe	28
PID 976 wrote to memory of 932	976	rundll32.exe	28
PID 976 wrote to memory of 932	976	rundll32.exe	28
PID 976 wrote to memory of 932	976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba.dll,#1
  2⤵
  PID:932

memory/932-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/932-57-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/932-56-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/932-58-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download