6d5f86f428ace070f63fa8937ba6cd0c269e4beb9febf64ddf9227eaed15d1ea

Analysis

max time kernel
26s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:25

Target

6d5f86f428ace070f63fa8937ba6cd0c269e4beb9febf64ddf9227eaed15d1ea.dll
Size

5KB
MD5

625f2f9501668fbc9046b100ad2620b0
SHA1

efccb3cf7b07c49e43fd853fa081ae3083a5903c
SHA256

6d5f86f428ace070f63fa8937ba6cd0c269e4beb9febf64ddf9227eaed15d1ea
SHA512

0b4d9e6b6d35e319844c624e83dd4abac6de06c87163ec8c69de7043bfaf10ba27320f5fb6cc2c94c753749771b5e09d91a9af1e4303f164918df96a4a2ce378
SSDEEP

48:C6Vo9HBok7lYa92RranDBetlG9MgsiLdnOIiesK5zmaVTaxsDO41ZGpA0fm7irpx:nI2RrUeqFLdn3izeP0KCcZSA0+7i

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28
PID 2012 wrote to memory of 1952	2012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5f86f428ace070f63fa8937ba6cd0c269e4beb9febf64ddf9227eaed15d1ea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5f86f428ace070f63fa8937ba6cd0c269e4beb9febf64ddf9227eaed15d1ea.dll,#1
  2⤵
  PID:1952

memory/1952-55-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download