af708c044631c452a7a78aac1406a1ece913e15ec5d5883b88704ed72eb7cc82

Analysis

max time kernel
7s
max time network
37s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 09:40

Target

af708c044631c452a7a78aac1406a1ece913e15ec5d5883b88704ed72eb7cc82.dll
Size

13.0MB
MD5

ac817b362f144ae7b213ff30d8d9b5eb
SHA1

54fbf7f82d3aaeac7ac44cb173cd9bb9389931ad
SHA256

af708c044631c452a7a78aac1406a1ece913e15ec5d5883b88704ed72eb7cc82
SHA512

4dba7907fe1a5a7fadfc1e2613406c029a15d72f110c7aa9675f21a8b536512d4d33858adcebe9d1f32144f494da5526c61b50f8c59bea9bde69351637c91dc7
SSDEEP

393216:3K0J3Xvs4vY/ym6tBZqBcuULNsi2d24ur:3Th/sIqcOBcuMZuu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28
PID 1700 wrote to memory of 2784	1700	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af708c044631c452a7a78aac1406a1ece913e15ec5d5883b88704ed72eb7cc82.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af708c044631c452a7a78aac1406a1ece913e15ec5d5883b88704ed72eb7cc82.dll,#1
  2⤵
  PID:2784

memory/2784-0-0x0000000010000000-0x0000000010D00000-memory.dmp

Filesize
13.0MB

Download
memory/2784-1-0x0000000010000000-0x0000000010D00000-memory.dmp

Filesize
13.0MB

Download
memory/2784-2-0x0000000010000000-0x0000000010D00000-memory.dmp

Filesize
13.0MB

Download
memory/2784-3-0x0000000010000000-0x0000000010D00000-memory.dmp

Filesize
13.0MB

Download