6f6a14e2cb108990866ad3820d3bd564e73adf9e2bca787a4320d978fddce960

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:44

Target

6f6a14e2cb108990866ad3820d3bd564e73adf9e2bca787a4320d978fddce960.dll
Size

152KB
MD5

c15d3a90e89ec472c8b75245ef18902f
SHA1

3bcbb04e0bca15a965d7fdfbc9fbc8f50ddb665d
SHA256

6f6a14e2cb108990866ad3820d3bd564e73adf9e2bca787a4320d978fddce960
SHA512

d62a715f0867b593f268e0db40519e6f6560415c39ae63c992f7bc82b6eb76d3d23da8933c14de8dd0912bd49ace053c1ddc0a8d3bcbd65455c38b3db7e763af
SSDEEP

1536:KZIsIw/I2IuIJkuvfZ/Auw6qSDz6PWtKtPO2N1juz+xwHpRN3uGhDf:e7JFNyxvfGTSn6O62O1vgRuGhDf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26
PID 1348 wrote to memory of 1236	1348	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f6a14e2cb108990866ad3820d3bd564e73adf9e2bca787a4320d978fddce960.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f6a14e2cb108990866ad3820d3bd564e73adf9e2bca787a4320d978fddce960.dll,#1
  2⤵
  PID:1236

memory/1236-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download
memory/1236-56-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download