6bb60f0892377ce4bcd7380b5f4380d9c0f1cbb23d74a25e1b4072f93671ceb8

Analysis

max time kernel
37s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 21:23

Target

6bb60f0892377ce4bcd7380b5f4380d9c0f1cbb23d74a25e1b4072f93671ceb8.dll
Size

34KB
MD5

8286b8f0083921e0f526d7549bb0c220
SHA1

cc6e92a9d0a58e8dda5d1cd32b96aec01c718b8b
SHA256

6bb60f0892377ce4bcd7380b5f4380d9c0f1cbb23d74a25e1b4072f93671ceb8
SHA512

9a444e7a6ccb27751d10677712e0d0c0338657bb1f3cd2c272ed7250495a9cbbad716d551b3ee0cc82d6c2161934d2fb918f53fbf0a32501eb03f7dfba4d0af6
SSDEEP

768:17tXGKqr8zXfaLtzxI7rQimiNf5hqD1DRCbtrvqr:179GCfaL47rQipkxRmtrvqr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28
PID 1392 wrote to memory of 1236	1392	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bb60f0892377ce4bcd7380b5f4380d9c0f1cbb23d74a25e1b4072f93671ceb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bb60f0892377ce4bcd7380b5f4380d9c0f1cbb23d74a25e1b4072f93671ceb8.dll,#1
  2⤵
  PID:1236

memory/1236-55-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download