a6e57f1de0ed1ab5016f03b5aee4e8e261f381e5e71f002ca8252b29cd548970

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:55

Target

a6e57f1de0ed1ab5016f03b5aee4e8e261f381e5e71f002ca8252b29cd548970.dll
Size

6KB
MD5

af75f6e2fa95682caa0872d1e50447a0
SHA1

761ee06cbc29b779f648924d0c45e34dd34cd3a4
SHA256

a6e57f1de0ed1ab5016f03b5aee4e8e261f381e5e71f002ca8252b29cd548970
SHA512

3077190a8be6f9fa8ee41f683f0d2fc8bca0db601cdd90db5431503d747988e575acac2cb5f1ee5e08efeee93605e27778f42c6e2a9c10fce29ecb46d9a140a3
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD78izhe:juLJ/oAdQPQa2aeng78ae

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27
PID 1836 wrote to memory of 340	1836	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6e57f1de0ed1ab5016f03b5aee4e8e261f381e5e71f002ca8252b29cd548970.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6e57f1de0ed1ab5016f03b5aee4e8e261f381e5e71f002ca8252b29cd548970.dll,#1
  2⤵
  PID:340

memory/340-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download