6f48f8a1334e8c387f5c680f80bb6892bd495afbdf0d75ab309bfb2b05b9d00c

Analysis

max time kernel
26s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:45

Target

6f48f8a1334e8c387f5c680f80bb6892bd495afbdf0d75ab309bfb2b05b9d00c.dll
Size

64KB
MD5

2497839e544942c55a5fd942a8ffb230
SHA1

e93b7e3c52d4b8992b585a248184cca67aca2609
SHA256

6f48f8a1334e8c387f5c680f80bb6892bd495afbdf0d75ab309bfb2b05b9d00c
SHA512

20d45b10d20bb0517ee267caef263cd95e725eb0eb9ce353fdb2adfa3432100778ff8661b36c264d072f4326671a0e0110d23020d2109b75f6e55e8bc8beed52
SSDEEP

768:B2hvDXhEccC336F8Yj1JMdKNsSnU0QyZZaZLU7up3A0m9FOGP:BoGccC3u8Yjr6KNzUmepfm/f

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 1960	940	rundll32.exe	28
PID 940 wrote to memory of 1960	940	rundll32.exe	28
PID 940 wrote to memory of 1960	940	rundll32.exe	28
PID 940 wrote to memory of 1960	940	rundll32.exe	28
PID 940 wrote to memory of 1960	940	rundll32.exe	28
PID 940 wrote to memory of 1960	940	rundll32.exe	28
PID 940 wrote to memory of 1960	940	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f48f8a1334e8c387f5c680f80bb6892bd495afbdf0d75ab309bfb2b05b9d00c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f48f8a1334e8c387f5c680f80bb6892bd495afbdf0d75ab309bfb2b05b9d00c.dll,#1
  2⤵
  PID:1960

memory/1960-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download
memory/1960-56-0x00000000000F0000-0x000000000010A000-memory.dmp

Filesize
104KB

Download
memory/1960-57-0x00000000000F0000-0x000000000010A000-memory.dmp

Filesize
104KB

Download