6134a33d143dd6352fd19b5e4e2572de7e29e9d9d2e017acdf5ac7dc91b7bed6

Analysis

max time kernel
29s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 18:33

Target

6134a33d143dd6352fd19b5e4e2572de7e29e9d9d2e017acdf5ac7dc91b7bed6.dll
Size

54KB
MD5

2cdfcc881833ed312270dcb768317f34
SHA1

9b67b4694deeef127180f3aa61e35ad4f2636c64
SHA256

6134a33d143dd6352fd19b5e4e2572de7e29e9d9d2e017acdf5ac7dc91b7bed6
SHA512

b8e8f96ac7a98eed9bf66bd94a09b2c0b867dee0ed6bcca36e1a18f13e74e4af3901023036d65674f7082a776bda3923f188f59a824631d702bc86d2c72deab6
SSDEEP

768:G8PsjuUSRFrLNTR3rJevOwK/1tPL9LzI5VD2xs6YMyvxkOUkioceai:/zXNPC5KTPL9LKwxev5Vai

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 948	1064	rundll32.exe	28
PID 1064 wrote to memory of 948	1064	rundll32.exe	28
PID 1064 wrote to memory of 948	1064	rundll32.exe	28
PID 1064 wrote to memory of 948	1064	rundll32.exe	28
PID 1064 wrote to memory of 948	1064	rundll32.exe	28
PID 1064 wrote to memory of 948	1064	rundll32.exe	28
PID 1064 wrote to memory of 948	1064	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6134a33d143dd6352fd19b5e4e2572de7e29e9d9d2e017acdf5ac7dc91b7bed6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6134a33d143dd6352fd19b5e4e2572de7e29e9d9d2e017acdf5ac7dc91b7bed6.dll,#1
  2⤵
  PID:948

memory/948-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download