06b88c56bc3e688e287ded811f6b866a63d884c1296d69b902d3ceb7b860fb1c

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 16:56

Target

06b88c56bc3e688e287ded811f6b866a63d884c1296d69b902d3ceb7b860fb1c.dll
Size

70KB
MD5

4bbe8f0f80f1b5e7c74b816d7e7d84f0
SHA1

2d3b2f4474e98f080d66b9f714db6efb22d67659
SHA256

06b88c56bc3e688e287ded811f6b866a63d884c1296d69b902d3ceb7b860fb1c
SHA512

f0f1ee610adce37d0cb9977c89cb96545335f4d6b84bc0b9f485c27910ebbdda6797e0ff03837ac098420feafc8125cd6f5d8bbf5b1c4d13c7287dde944b5882
SSDEEP

1536:5jRmO/8gRO5G0KYNmSvU/yRU5+T8G2mT6:xf/8zG0DmSseU5e8GJ6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28
PID 1760 wrote to memory of 1988	1760	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06b88c56bc3e688e287ded811f6b866a63d884c1296d69b902d3ceb7b860fb1c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06b88c56bc3e688e287ded811f6b866a63d884c1296d69b902d3ceb7b860fb1c.dll,#1
  2⤵
  PID:1988

memory/1988-55-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download