6005bce2238501ebeafa7bdf5d2babd20e92e69f37a53368533b170f67b9d518

Analysis

max time kernel
19s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 17:22

Target

6005bce2238501ebeafa7bdf5d2babd20e92e69f37a53368533b170f67b9d518.dll
Size

67KB
MD5

d5751cd0827c918c35dc03a4c3a394c0
SHA1

01f97a260b3ba6f495baefe3a773e23d324af589
SHA256

6005bce2238501ebeafa7bdf5d2babd20e92e69f37a53368533b170f67b9d518
SHA512

d61d9f3a3346332423e6d73ea0bb323c104fec2292bfcc83cccf7ed48d857ff716443193805e0578556781ab93eb6933e2cc800fea9fa723d2959bb9227bcae9
SSDEEP

1536:8nrxDussGn4AAejPC7Mp/c+HJgKKtLhVuDvRPR:y6tV0pk+pgRLPuD5R

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28
PID 1776 wrote to memory of 1328	1776	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6005bce2238501ebeafa7bdf5d2babd20e92e69f37a53368533b170f67b9d518.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6005bce2238501ebeafa7bdf5d2babd20e92e69f37a53368533b170f67b9d518.dll,#1
  2⤵
  PID:1328

memory/1328-54-0x0000000000000000-mapping.dmp

Download
memory/1328-55-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download