6e836641de90d8ce79fe5457963b8593dd0cc567a27422f94121ccf67d4136ae

Analysis

max time kernel
3s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 22:00

Target

6e836641de90d8ce79fe5457963b8593dd0cc567a27422f94121ccf67d4136ae.dll
Size

34KB
MD5

ddf0dad89971ef58cd66c8975a971500
SHA1

e5fa0d095ebf3adfb4926f5f2951343ac9e8417c
SHA256

6e836641de90d8ce79fe5457963b8593dd0cc567a27422f94121ccf67d4136ae
SHA512

faf21e89f915eb0a3643111ef94de2c05dd5d8ad86d266fca097dcd9d3c8d1bae93f9833f9e692a8eb459fdb0da8387a13fd4384d0296c4b5eb2e9481ef1c628
SSDEEP

768:BQg1pmTl4azOpupJHNr7rOppFbOOJLd2RIoqG5:ug1pmTlJMup7rOpDPR2RIoqg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28
PID 1312 wrote to memory of 1128	1312	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e836641de90d8ce79fe5457963b8593dd0cc567a27422f94121ccf67d4136ae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e836641de90d8ce79fe5457963b8593dd0cc567a27422f94121ccf67d4136ae.dll,#1
  2⤵
  PID:1128

memory/1128-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download