6645d12f0ae755b6803fae20bf05ea8d1d79b2ae6c883c2dcd099c885168c217

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 09:31

Target

6645d12f0ae755b6803fae20bf05ea8d1d79b2ae6c883c2dcd099c885168c217.dll
Size

50KB
MD5

0177334596a1681fae36fc25071af76b
SHA1

5673ec1b61ec2835f7ebedc0396e969e11ed4e7f
SHA256

6645d12f0ae755b6803fae20bf05ea8d1d79b2ae6c883c2dcd099c885168c217
SHA512

e899a4a73eab19593635b04a15119ec10979bfad32b32eafd241e03aa0c64c442789159a88b47852e88a4d9fc2e39206942e2e70d7b6c078289bd40fe30fcd88
SSDEEP

768:YIQ5R7eK22it+G4Zwa7cqbAj+94Hr1NKslSDgFFlW55tQJnI6b7l2it0fKepnD:YIQGK22P97oCKjlSeG56I6Xl2YSD

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27
PID 1672 wrote to memory of 1644	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6645d12f0ae755b6803fae20bf05ea8d1d79b2ae6c883c2dcd099c885168c217.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6645d12f0ae755b6803fae20bf05ea8d1d79b2ae6c883c2dcd099c885168c217.dll,#1
  2⤵
  PID:1644

memory/1644-54-0x0000000000000000-mapping.dmp

Download
memory/1644-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download