6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:10

Target

6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll
Size

52KB
MD5

9347cb04516d2b4dde84fe1d0798aa06
SHA1

bb4d8c672acdd091098f9fd0825a94f2edfe51f9
SHA256

6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f
SHA512

83dfa06cf8811e9be42c05c6f5eed9956f4802fedafcf886bc9184b689828b7d42ec104f27208abec4d34c4038db2fa488f4ad2301d8b2bbd2677f75d5627ed7
SSDEEP

1536:5jRmOqiWPpTUEWCjpKzgqGamTO7oK1DjV69:xfqdhU2jOgqGamTahjV69

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27
PID 1048 wrote to memory of 1928	1048	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll,#1
  2⤵
  PID:1928

memory/1928-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download