6d64056720f8aa0957e55e55c3f4d21e9e971a612df6d5c06ed1911c0454f1fb

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 04:18

Target

6d64056720f8aa0957e55e55c3f4d21e9e971a612df6d5c06ed1911c0454f1fb.dll
Size

77KB
MD5

9389c97a2ed717a083284a3f6c65a660
SHA1

497fad70b18efcf63032a395c27df2812e645ca3
SHA256

6d64056720f8aa0957e55e55c3f4d21e9e971a612df6d5c06ed1911c0454f1fb
SHA512

28fc7914604677513bf5c4fba60603a163a14c3072ae54e2414cb8b95d365bb7ef42bd26c3e3ee25267b3d78150330217ab4a286056de503ed70a5905c1c53a3
SSDEEP

1536:nkb95L266MC4mTm/stBfc8vsWjcdDHqbtqP:ng36JhQDHqbYP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d64056720f8aa0957e55e55c3f4d21e9e971a612df6d5c06ed1911c0454f1fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d64056720f8aa0957e55e55c3f4d21e9e971a612df6d5c06ed1911c0454f1fb.dll,#1
  2⤵
  PID:1672

memory/1672-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download