cc6be92997ce0f59ddd2ab389ce6448e2e711babb03a36d4c9e31ed28d336c1f

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-12-2022 02:29

Target

d1aaa7e7_00408000.dll
Size

315KB
MD5

d2e6d287cfe6a8fa01b2af951dd923e2
SHA1

c45ec9cfb6fc05242bd1d1a0c8b350cba0025737
SHA256

cc6be92997ce0f59ddd2ab389ce6448e2e711babb03a36d4c9e31ed28d336c1f
SHA512

ca44efad95e34b2045d5b4ad99fc1c9e73286cb6d36a2f760e873e57b4dfcdd4500f58fd45624eda5bc194cf0d389384ce9fbd45e8e3d18ee567ea6b2599e1ad
SSDEEP

1536:V2yNWTyVrtUps8aHN+CfdyXODKGEmQu+hVQDfOJboXjcm7r1ED:V27+VxUuLxfdyXfmts5bqcWr1ED

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1736	872	rundll32.exe	28
PID 872 wrote to memory of 1736	872	rundll32.exe	28
PID 872 wrote to memory of 1736	872	rundll32.exe	28
PID 872 wrote to memory of 1736	872	rundll32.exe	28
PID 872 wrote to memory of 1736	872	rundll32.exe	28
PID 872 wrote to memory of 1736	872	rundll32.exe	28
PID 872 wrote to memory of 1736	872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1aaa7e7_00408000.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1aaa7e7_00408000.dll,#1
  2⤵
  PID:1736

memory/1736-55-0x00000000767C1000-0x00000000767C3000-memory.dmp

Filesize
8KB

Download