6d6348d54999a6321f7ed8a0f272c73d9c643d5118ba669a59a418dfbfc85c09

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 01:25

Target

6d6348d54999a6321f7ed8a0f272c73d9c643d5118ba669a59a418dfbfc85c09.dll
Size

8KB
MD5

469f186de90dfaab4717d03829addc90
SHA1

510c73fa652f08c3433f689463f0309ab1565ff5
SHA256

6d6348d54999a6321f7ed8a0f272c73d9c643d5118ba669a59a418dfbfc85c09
SHA512

46b45ca243670c40d6a0f319441db75e91f1d5c712188b3788846f31a053fc49a025f838cea87d9411429570356645c593b561597389228ed366570acab6d375
SSDEEP

96:z0xgPtJrYmVjGwd+Ub9LQEZaOr4tEZSosyUxfVo1YEn3q3:nTiS+EFVrTvUy/n3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d6348d54999a6321f7ed8a0f272c73d9c643d5118ba669a59a418dfbfc85c09.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d6348d54999a6321f7ed8a0f272c73d9c643d5118ba669a59a418dfbfc85c09.dll,#1
  2⤵
  PID:1696

memory/1696-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download