afc4ee6bc5a6e7f15c7dd8a982b9b4ec628972151991a60c80022ed7cfb06951

Analysis

max time kernel
240s
max time network
332s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:51

Target

afc4ee6bc5a6e7f15c7dd8a982b9b4ec628972151991a60c80022ed7cfb06951.dll
Size

33KB
MD5

4d08ca10c855a46bdb73d3c5f842065f
SHA1

5740385a7855872a17e42bbe8bcf52a409cdf09b
SHA256

afc4ee6bc5a6e7f15c7dd8a982b9b4ec628972151991a60c80022ed7cfb06951
SHA512

e4f4a4df6b976648ca1f127fee47a48c7742bd165579c7a7156b54a286ed5f9ff431d075255446fa1c8ef3d76f36e0ab04882bd9ad004f6d5afa039995a089ef
SSDEEP

768:w8pjghrK5eEOyzNqi9UHjA7Vsc7vHFT35hcDCsjpRZd/aI:w8pjarK5eNH8X7vlTpCusjpRz/5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28
PID 1156 wrote to memory of 1492	1156	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afc4ee6bc5a6e7f15c7dd8a982b9b4ec628972151991a60c80022ed7cfb06951.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afc4ee6bc5a6e7f15c7dd8a982b9b4ec628972151991a60c80022ed7cfb06951.dll,#1
  2⤵
  PID:1492

memory/1492-55-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download