a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791

Analysis

max time kernel
25s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 09:53

Target

a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791.dll
Size

66KB
MD5

67684dd5d89742b98bb40039e5845b30
SHA1

b176bcf8b25c52404a4a7faac825fa1d931a8be6
SHA256

a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791
SHA512

e52328ac76a3999070e18102727cd9dda9580a91fb7a5e5facb3ceed30d11e5de334271a36798d5fa296aaab977446b2c519d40ebc164de4933e45cc3abcd23d
SSDEEP

1536:MhBRVgrExucMx3Ad5dY5BGInXEodvV3/Aiioqw4Ku3/DlIC:cRRsgDdY5BGI0odt3/LLu3/Dl1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 1748	912	rundll32.exe	28
PID 912 wrote to memory of 1748	912	rundll32.exe	28
PID 912 wrote to memory of 1748	912	rundll32.exe	28
PID 912 wrote to memory of 1748	912	rundll32.exe	28
PID 912 wrote to memory of 1748	912	rundll32.exe	28
PID 912 wrote to memory of 1748	912	rundll32.exe	28
PID 912 wrote to memory of 1748	912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791.dll,#1
  2⤵
  PID:1748

memory/1748-55-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download