6eb6d6e2e4340c37913d4f309cafebc4c27c5c3febe389f6585b90aae70012e5

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 23:01

Target

6eb6d6e2e4340c37913d4f309cafebc4c27c5c3febe389f6585b90aae70012e5.dll
Size

38KB
MD5

ac8d82f27ff933f7dfb167dd019ecaca
SHA1

c2803ef0f6c56a50b33dc68676e38e0bf244b843
SHA256

6eb6d6e2e4340c37913d4f309cafebc4c27c5c3febe389f6585b90aae70012e5
SHA512

4ed7a85a5c7211746c2b19ff30bb948338ec3d36111a9102bf794003f63498ff809279eef1017fd591d2dea24566f07a40a5445b3bc49c00e7966ec1bba20f54
SSDEEP

768:DawL9AlogtWUZQILWuxhuP4GPf561M98FWnGwMqh0azMkP+pgHaxzUJOc:DR0ovn2tafEqcWGw1h061Pz6xKF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27
PID 1504 wrote to memory of 1628	1504	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6eb6d6e2e4340c37913d4f309cafebc4c27c5c3febe389f6585b90aae70012e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6eb6d6e2e4340c37913d4f309cafebc4c27c5c3febe389f6585b90aae70012e5.dll,#1
  2⤵
  PID:1628

memory/1628-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download