aacd938e37a179bd2a0ce6070032975241e42ab7dd68671bdf1715ca2e93821e

Analysis

max time kernel
33s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 09:28

Target

aacd938e37a179bd2a0ce6070032975241e42ab7dd68671bdf1715ca2e93821e.dll
Size

295KB
MD5

f73ece47ca74a3d175dcb7babfb35c25
SHA1

698d1a77c1ff45b46c3830fbdef746be37cb152e
SHA256

aacd938e37a179bd2a0ce6070032975241e42ab7dd68671bdf1715ca2e93821e
SHA512

b2903e235f62568d54b2411526424c0dd6db61a5538093c08a7cef8f701293e18cac0e82eee31293829cf8aa0cb1addd328d5d1cfa747673bd4c6b80939fb8f8
SSDEEP

6144:EdhDCjdcxOs9sWiYWRRjQ97w+L8aIflh3HhM6hS:Yh+BmO9W9WRRQ97ZPIff3e6Y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26
PID 1708 wrote to memory of 1944	1708	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aacd938e37a179bd2a0ce6070032975241e42ab7dd68671bdf1715ca2e93821e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aacd938e37a179bd2a0ce6070032975241e42ab7dd68671bdf1715ca2e93821e.dll,#1
  2⤵
  PID:1944

memory/1944-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1944-56-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download
memory/1944-57-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download