6e26c6aa09ca13cd23094ac5f88f9c53bc719f3d8795110a250af81bd892f49b

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 06:34

Target

6e26c6aa09ca13cd23094ac5f88f9c53bc719f3d8795110a250af81bd892f49b.dll
Size

94KB
MD5

47a21d6eb50bef72c10292c02b88b1b5
SHA1

bf966faca1e65664e70b6df9b55c23edcef38246
SHA256

6e26c6aa09ca13cd23094ac5f88f9c53bc719f3d8795110a250af81bd892f49b
SHA512

574dbcbcbe3a076e225ce15a8c8f08e1dd3c7569dbe2dabbbe61f46f5c6ed3f19d54e52b54927c1013927c5b3081c6da7dd7d08a7f86324f07b7b2c1a9a34e05
SSDEEP

1536:SQclh8MIwu5+oYtdTPqCLL7vSJ65uTcjEW0JruPMvO3ZyoTo6:ahdIw/oY9WiCPW0IPMvO3Zjt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e26c6aa09ca13cd23094ac5f88f9c53bc719f3d8795110a250af81bd892f49b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e26c6aa09ca13cd23094ac5f88f9c53bc719f3d8795110a250af81bd892f49b.dll,#1
  2⤵
  PID:1928

memory/1928-54-0x0000000000000000-mapping.dmp

Download
memory/1928-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download