6a6cb2f1add8817b27b351e9c97fb7067bed9a24038a7a37ece26a7012c6b114

Resubmissions

12-06-2023 19:25

12-06-2023 19:19

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-06-2023 19:19

Target

6a6cb2f1add8817b27b351e9c97fb7067bed9a24038a7a37ece26a7012c6b114.dll
Size

260KB
MD5

d5916cb2ff52e0411bc80a716b2aa528
SHA1

98baa0c511f8595f3a8b28c5ae1d69717b855791
SHA256

6a6cb2f1add8817b27b351e9c97fb7067bed9a24038a7a37ece26a7012c6b114
SHA512

618ef15305dd64d82e65e81fee659a59313998fab0d493accc122cc6795abbffcf1e31bcb1aff34413706c220777b3834a8f46240e60aca85e8d1d523f990deb
SSDEEP

6144:woGZATIJ/rRDAmZ0CI1jp8qTiAS1fW0PBJ+Y:woGGTM/hnZ0VayYv+Y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe
PID 2040 wrote to memory of 2016	2040	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a6cb2f1add8817b27b351e9c97fb7067bed9a24038a7a37ece26a7012c6b114.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a6cb2f1add8817b27b351e9c97fb7067bed9a24038a7a37ece26a7012c6b114.dll,#1
  2⤵
  PID:2016