fe39dd55d11aa1efd80398a3257eb0d70abfbba6360836955c909669845c2782

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 14:22

Target

UAP_SDK.dll
Size

253KB
MD5

c01ceab5ae068d4b218eb5892fd27769
SHA1

fea14f6065e8c22e5335acc0ca88ba15329d0a09
SHA256

fe39dd55d11aa1efd80398a3257eb0d70abfbba6360836955c909669845c2782
SHA512

d45ada455bfeab580799d874461a194ba063a0f1245af60bafe50b11f56f8a22f0df395fc94f8f33c950e23e78ac2e2e50fd35a436d881e82740dfea91d951df
SSDEEP

3072:cCcNVKfq1a7zEbplIOBHxU7kALPeobpH6oQ+UXBGzPMdpWfRmWleGmO6ZiY5Vy6:cSfq1QOBHxU7vLP7ZNvMdonfo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28
PID 1640 wrote to memory of 2496	1640	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UAP_SDK.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\UAP_SDK.dll,#1
  2⤵
  PID:2496