28e85f358edc05e8b745aa1e0253b3baed0d4083a2bbe92219e1b2c8ed25bc9a

Analysis

max time kernel
30s
max time network
136s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21-04-2023 13:55

Target

C/ProgramData/Sentinel/AFUCache/926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll
Size

7KB
MD5

1957deed26c7f157cedcbdae3c565cff
SHA1

be9e23e56c4a25a8ea453c093714eed5e36c66d0
SHA256

926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732
SHA512

324e714e99c36786f13dc408882a89b41fce1d76be7b828c93561a7ecb780030274c253e1c50322e09916ce4d4793cd61ae75b5e116e4e90f01232f2f29d5270
SSDEEP

96:WCu0DE8Z7wtZfAy/ytanQgKM4odWSNWlph8GWLIru:9Eik9AyGaQgHbdonWau

Score

8^/10

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

1 1568 rundll32.exe

flow	pid	process
1	1568	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe
PID 1524 wrote to memory of 1568	1524	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll,#1
2⤵
- Blocklisted process makes network request
PID:1568