cab86b4fbff51c70b60dd3c5a22ae24eb76c43e47d52ed71e206278783ab19a8

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 18:58

Target

cab86b4fbff51c70b60dd3c5a22ae24eb76c43e47d52ed71e206278783ab19a8.dll
Size

225KB
MD5

8aef9ce8259c3d411afc31b8f6fb5c9d
SHA1

e0528af7e00053904ac7d5f5d6d6d3538e3e4234
SHA256

cab86b4fbff51c70b60dd3c5a22ae24eb76c43e47d52ed71e206278783ab19a8
SHA512

b6ec1c63b24268e3104614c44561e060612e648e3e10b83bdadc07b6ab4782f9d91c8f0cc15485105a1a2604fe7e52f7d5794748294c3c4683a2af1c6a6e5d1f
SSDEEP

6144:alOqZJkK4UXJzzK2pGDBmEkCCHQ4XCv3Qjs:vq8q9W2pOhkCF4XCv6s

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe
PID 1468 wrote to memory of 1292	1468	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cab86b4fbff51c70b60dd3c5a22ae24eb76c43e47d52ed71e206278783ab19a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cab86b4fbff51c70b60dd3c5a22ae24eb76c43e47d52ed71e206278783ab19a8.dll,#1
2⤵
PID:1292

memory/1292-54-0x0000000000210000-0x000000000029C000-memory.dmp

Filesize
560KB

Download