af93321c22c057004e1eab3618f14ddf88682a8f63c2a531a6c7ed6f52af2d0d

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/05/2023, 18:26

Target

af93321c22c057004e1eab3618f14ddf88682a8f63c2a531a6c7ed6f52af2d0d.dll
Size

176KB
MD5

603b086628dcf448849e13aebcd16273
SHA1

039162f8af2a4af00de42a4b2e0167685d485ee3
SHA256

af93321c22c057004e1eab3618f14ddf88682a8f63c2a531a6c7ed6f52af2d0d
SHA512

742db76be7cb44b8dee046ae551352ff513be1b5e6c74b560a848dd4aa6a0e230b89a316da53540fab508ea9da4e1313e487379632445c48e2ac1ad1d547ad6d
SSDEEP

3072:NB8pX9Ssl7lw8/lPzHYz+qiwWJeTYG9/fvtHaYqLDiebQHbBzjoTlPKEL9k:UX9vw8/lPzHYz+qiwWEMEH1HaYYKcKyk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27
PID 1660 wrote to memory of 1220	1660	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af93321c22c057004e1eab3618f14ddf88682a8f63c2a531a6c7ed6f52af2d0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af93321c22c057004e1eab3618f14ddf88682a8f63c2a531a6c7ed6f52af2d0d.dll,#1
  2⤵
  PID:1220