b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8

Analysis

max time kernel
36s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 10:45

Target

b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8.dll
Size

23KB
MD5

a33f002cb236db973b1cc51643d75745
SHA1

00586c90c2010a5c9a47cb75843cc0584d19061e
SHA256

b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8
SHA512

200ecaa30f6aed08d315e0c73e3c77c955c8b08732f1e1e85e47617cfc61b04391e58696cb58c7cb52540a4600a3fa40a7e196d9ae1cf9d092b63b01223c4958
SSDEEP

384:U56XxvaIHCKLoj7TpcoO1q76Ma72yWirfNi9rApN2bcXr8xZmWDJPKat3nd:UcDCKEnTpcoO1q7naIirfNiCnkcOQWVb

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mssfc.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 696	1460	rundll32.exe	26
PID 1460 wrote to memory of 696	1460	rundll32.exe	26
PID 1460 wrote to memory of 696	1460	rundll32.exe	26
PID 1460 wrote to memory of 696	1460	rundll32.exe	26
PID 1460 wrote to memory of 696	1460	rundll32.exe	26
PID 1460 wrote to memory of 696	1460	rundll32.exe	26
PID 1460 wrote to memory of 696	1460	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:696

memory/696-55-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download