d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:47

Target

d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b.dll
Size

99KB
MD5

9a16633899ee3dbb496db34e489917eb
SHA1

83c2bcd3faf9a2a427a8764e53db792f33e99f31
SHA256

d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b
SHA512

c2dcf749caec2dc9651be6f5260b7967afc7472464cf6cf61029f71a10ad5db7da9f6c604b086de726dac9b3476bb23a0a0ab1bb264d5161e98266f8e5677ece
SSDEEP

1536:tmzEOnSND1R5ZtmijhIHTw9YWkUu+Dntcw4kuv1MP35ZPtTnhgISGUWyExrPW6uD:c7n4xZeTw9CR8vKv1MPHRQGUEoH7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6618a28693992a8a18f8f29a2ba8f384239c4ddda4d88d3af6efe2f7d7f9d2b.dll,#1
  2⤵
  PID:1472

memory/1472-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1472-56-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/1472-57-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download