d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a

Analysis

max time kernel
90s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:53

Target

d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll
Size

4KB
MD5

d89fbb4557a2a444ddcdee2fb07d8820
SHA1

f2bde77fd818bc7a4aedb29a51586cf43cabe2bd
SHA256

d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a
SHA512

a199da730f72bde0317f258eef52c87429b62fdfa6e57bc69488b6267dbad2e2840bb87b706af7ab86734a5ed2e75ac31798bd960d6b52b1143fe19fb3e5e958
SSDEEP

48:a5zdM1cSTBg0r27vTuAEK9Vc9UwsFgdemcIaI6+PEoyXgUj7dPeJjhK:PT3r2vu9s6GwZMDIzE9XteJjA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 992	916	rundll32.exe	28
PID 916 wrote to memory of 992	916	rundll32.exe	28
PID 916 wrote to memory of 992	916	rundll32.exe	28
PID 916 wrote to memory of 992	916	rundll32.exe	28
PID 916 wrote to memory of 992	916	rundll32.exe	28
PID 916 wrote to memory of 992	916	rundll32.exe	28
PID 916 wrote to memory of 992	916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll,#1
  2⤵
  PID:992

memory/992-55-0x0000000075D51000-0x0000000075D53000-memory.dmp

Filesize
8KB

Download