a6c1ffb475e3bdfd8d6fa1dac2d66f64528057e4cbc8d6f5a6aaabda831db0ac

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 20:01

Target

a6c1ffb475e3bdfd8d6fa1dac2d66f64528057e4cbc8d6f5a6aaabda831db0ac.dll
Size

95KB
MD5

254f1642069da8d44f5bc96f5479a870
SHA1

15b2538ba3b37e0fa1d38a2f5ea6dc8b6e0278cc
SHA256

a6c1ffb475e3bdfd8d6fa1dac2d66f64528057e4cbc8d6f5a6aaabda831db0ac
SHA512

686bd38bd3fa8eda7c3df25b5fbd34999f0f3f3ae6868b918985e063307ec75cf2af8ef67b0c44979bcefdd6b956ad03055489edef559278851d9c0f73711d92
SSDEEP

1536:Ao/wO/PXxTCoaPBjv4RQTjhurcy2ElfiEUtwkc9htC73cZmrOHI:AojTXa9v4RQHErd2EdiEULYtC7MZmr0I

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26
PID 1056 wrote to memory of 1080	1056	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6c1ffb475e3bdfd8d6fa1dac2d66f64528057e4cbc8d6f5a6aaabda831db0ac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6c1ffb475e3bdfd8d6fa1dac2d66f64528057e4cbc8d6f5a6aaabda831db0ac.dll,#1
  2⤵
  PID:1080

memory/1080-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download