6cedf2bde6cdceb9f65ebc49096d6b341e1845a06763edfe79fabc36d61509d7

Analysis

max time kernel
10s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:33

Target

6cedf2bde6cdceb9f65ebc49096d6b341e1845a06763edfe79fabc36d61509d7.dll
Size

208KB
MD5

7c6df62d0f56d1696f2c76dbda38f497
SHA1

36da7b0c9bba0eeb4b78bc65edb873abe16a4372
SHA256

6cedf2bde6cdceb9f65ebc49096d6b341e1845a06763edfe79fabc36d61509d7
SHA512

b5adc5326f599aa8cdabe884be4c3616c255616a25b3defa198d2dd6d615be236a237dead79f7c3a98bbfb11c2455f4634057808e7e61c9f192e7db8773a05d4
SSDEEP

6144:B0g/bBEZr/oyRn/m0QeeaQeegQeesQee2NQeehQeeLrisL397AM1:B04bK5tD9U

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 2036	936	rundll32.exe	28
PID 936 wrote to memory of 2036	936	rundll32.exe	28
PID 936 wrote to memory of 2036	936	rundll32.exe	28
PID 936 wrote to memory of 2036	936	rundll32.exe	28
PID 936 wrote to memory of 2036	936	rundll32.exe	28
PID 936 wrote to memory of 2036	936	rundll32.exe	28
PID 936 wrote to memory of 2036	936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cedf2bde6cdceb9f65ebc49096d6b341e1845a06763edfe79fabc36d61509d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cedf2bde6cdceb9f65ebc49096d6b341e1845a06763edfe79fabc36d61509d7.dll,#1
  2⤵
  PID:2036

memory/2036-55-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download