fe6090239b3423d964efeba3f920e82dc1d678944d94a0fa333608c134dd73cd

Analysis

max time kernel
21s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 21:30

Target

fe6090239b3423d964efeba3f920e82dc1d678944d94a0fa333608c134dd73cd.dll
Size

33KB
MD5

b8b1c859f4bda85efc9f94630b5e8e22
SHA1

c044679506c4484a3d8c8c762cdcbfd6ee2b2491
SHA256

fe6090239b3423d964efeba3f920e82dc1d678944d94a0fa333608c134dd73cd
SHA512

a3ac53544dd810ea90181aaa719794342cd800dd0118b2f78194417bfa5828c39b9a9a7021467631480f26c2aaaa64c13f5c8daa245f4f8fe5ce604e2c8103ca
SSDEEP

768:Zi3rNCcoRXhR/puQSeakO2g97ktepaI5hqDzTR5bSC:ZqNr0X0WakO7ktepaWkzRdSC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27
PID 1948 wrote to memory of 1904	1948	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe6090239b3423d964efeba3f920e82dc1d678944d94a0fa333608c134dd73cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe6090239b3423d964efeba3f920e82dc1d678944d94a0fa333608c134dd73cd.dll,#1
  2⤵
  PID:1904

memory/1904-55-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download