6af238378d9228990cca6267b4ed888ca478b54a55a94b7c8c7577ec6d71fcc9

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:05

Target

6af238378d9228990cca6267b4ed888ca478b54a55a94b7c8c7577ec6d71fcc9.dll
Size

358KB
MD5

4a0bffd7337d21f541c8166db42ef780
SHA1

4c47da629c9a352dcadf6ac9c39b46265ba88631
SHA256

6af238378d9228990cca6267b4ed888ca478b54a55a94b7c8c7577ec6d71fcc9
SHA512

b4dde682f484c45d9535cee17bb3c521f9ea158878d77c33d32e2e59bcab40c60f44a2fbcfeb66e686a7b919c0fb29b5c7dd3e88f05fb5c562f823b231d1bb55
SSDEEP

6144:YuObmyLwFNuwCpnmxN65Trg2PH4gmpwpClh0+4/MgWp1YFxhtEAq6SFyiyxCsKSD:Y3mkw3udz22amrOV4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 744	1660	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6af238378d9228990cca6267b4ed888ca478b54a55a94b7c8c7577ec6d71fcc9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6af238378d9228990cca6267b4ed888ca478b54a55a94b7c8c7577ec6d71fcc9.dll,#1
2⤵
PID:744

memory/744-54-0x0000000000000000-mapping.dmp

Download
memory/744-55-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/744-56-0x0000000010000000-0x000000001005D000-memory.dmp

Filesize
372KB

Download