aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89

Analysis

max time kernel
37s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 09:23

Target

aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89.dll
Size

72KB
MD5

0f5739034ff0fc0331c9ad49f1205eec
SHA1

4f9a1f014d366173623efae0eff0df10e182c3ac
SHA256

aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89
SHA512

1f67342aa3e20278951983b2cc6f1f76d98253341acd25b9235f7033ad42c81d1fe5d55759aeece026e34c9f5ea92f58abeaf6a798a81ede59d42fc3fc71ae49
SSDEEP

1536:QUPMadZgQ24x/tCcgQFPvXGNRfWlAPClJO:QT8KQ2K/txrt2NNClJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26
PID 1504 wrote to memory of 1460	1504	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89.dll,#1
  2⤵
  PID:1460

memory/1460-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download