aafe37e92f747ca9f8b16eb1048a2e160e5c335218cae2abe1cd5c7139d4e0a8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:41

Target

aafe37e92f747ca9f8b16eb1048a2e160e5c335218cae2abe1cd5c7139d4e0a8.dll
Size

327KB
MD5

96b90066135c9b0a461e4b7e63448e21
SHA1

dcc197d02b311895a013ccdc9b01d0a57375de1a
SHA256

aafe37e92f747ca9f8b16eb1048a2e160e5c335218cae2abe1cd5c7139d4e0a8
SHA512

1d3acc61d2cfef37cc5e240ed5d91e80b29317e1090820ab1efa36d724e0889d6e9d319d896af3328cf810fae75e158178e9c3e8963f371b555017fa52368448
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe
PID 1692 wrote to memory of 1896	1692	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aafe37e92f747ca9f8b16eb1048a2e160e5c335218cae2abe1cd5c7139d4e0a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aafe37e92f747ca9f8b16eb1048a2e160e5c335218cae2abe1cd5c7139d4e0a8.dll,#1
2⤵
PID:1896