a0ab7207d749478662b4bd724e89704ec27ac529c4b4e4d97e8e2c919e7e6f1e

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 21:54

Target

a0ab7207d749478662b4bd724e89704ec27ac529c4b4e4d97e8e2c919e7e6f1e.dll
Size

32KB
MD5

50eb19f8633b6a0e7d99ef3188d3e880
SHA1

838215463096224ff0b9e4ce6169b4272696540f
SHA256

a0ab7207d749478662b4bd724e89704ec27ac529c4b4e4d97e8e2c919e7e6f1e
SHA512

0d0994e431d8ef4c865fb2078fcb05f3e16fce67b3931764a3997a0ad20617113e59eee137147f84616d5df07daabaa714c9bb4dc1c381f4435cc15c6931015d
SSDEEP

768:bMhqpHLSlNb31pbNG7v6fbZOVOQKTRqMuBkK:4qpA1pQ7ifbK2RqMuBd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27
PID 1600 wrote to memory of 1396	1600	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0ab7207d749478662b4bd724e89704ec27ac529c4b4e4d97e8e2c919e7e6f1e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0ab7207d749478662b4bd724e89704ec27ac529c4b4e4d97e8e2c919e7e6f1e.dll,#1
  2⤵
  PID:1396

memory/1396-54-0x0000000000000000-mapping.dmp

Download
memory/1396-55-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download