6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e

Analysis

max time kernel
11s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 17:33

Target

6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e.dll
Size

692KB
MD5

8510a055c905370d30adec4e7a3c6270
SHA1

b27027bddbcaa6978809d6779a42905d51e1aae6
SHA256

6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e
SHA512

60ed2f6386bed3ce67bf673c3ebe9867031b4fe06a1d9e34a0d9305e298d8494b419833ac6943dcf3abf4b4a8b1dd1d664b9b8149a17e308a1ee7fd668f2cbfd
SSDEEP

12288:oD6/eg58EEPEec/027NGqcDrbQUw31/KyLaM+QJt7/OboCDVyJ1tW0Y50QdQX:5yEXwoayJ17YOX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28
PID 896 wrote to memory of 2016	896	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e.dll,#1
  2⤵
  PID:2016

memory/2016-54-0x0000000000000000-mapping.dmp

Download
memory/2016-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/2016-56-0x0000000010000000-0x00000000100AE000-memory.dmp

Filesize
696KB

Download
memory/2016-57-0x0000000010000000-0x00000000100AE000-memory.dmp

Filesize
696KB

Download