6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb

Analysis

max time kernel
34s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 10:54

Target

6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb.dll
Size

77KB
MD5

6a2bd73d66c8cf758919333cd3082430
SHA1

70ef8f930b63e0bcf71e253de7d6c5e5aa0cd35c
SHA256

6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb
SHA512

05f4335bc299831f656eb275e89cedd0ae0a4270028cabe49d0a23eb36ae53183193b0a563df13d96e4b99e88583f3b96880756d94a81ed7793d3a78407fd2d4
SSDEEP

1536:8xdfzUO04U6muNMzgxu+KqaFsJqMOCJSN1As/FPpFGVNU:uxzUUHmuNMzJ+KO83CJSNC4PpwnU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27
PID 1256 wrote to memory of 1264	1256	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb.dll,#1
  2⤵
  PID:1264

memory/1264-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download