4a6eb1dda05a5c793bd193915dc2ae83ddac4c43d25642243d89b97d06ebcff5

Analysis

max time kernel
2s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:45

Target

4a6eb1dda05a5c793bd193915dc2ae83ddac4c43d25642243d89b97d06ebcff5.dll
Size

63KB
MD5

74a72febbd37db791d97c7a061571ed0
SHA1

62bf8aceb654088d136e7b6b5fd3b78d553b2a5f
SHA256

4a6eb1dda05a5c793bd193915dc2ae83ddac4c43d25642243d89b97d06ebcff5
SHA512

87f615a1f81b94928fff09c7cff7c7160b764b949eb8b3d086a58781de5e9b2928e97e6133292734f44ad3dae9e5f88d0a8dd2df5cc8cb6731ceb9371943a4a2
SSDEEP

1536:EGdwXaS8lktxWhoEcIGba30VsacDdJD5INrxz:EGdwXLiopIFkknD5INV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28
PID 1184 wrote to memory of 1220	1184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a6eb1dda05a5c793bd193915dc2ae83ddac4c43d25642243d89b97d06ebcff5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a6eb1dda05a5c793bd193915dc2ae83ddac4c43d25642243d89b97d06ebcff5.dll,#1
  2⤵
  PID:1220

memory/1220-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download