6ba55936e3df9fbb391c19a86d53275da3d82154af56bffe1f74ac84d5c3ea94

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/08/2023, 17:00

Target

6ba55936e3df9fbb391c19a86d53275da3d82154af56bffe1f74ac84d5c3ea94.dll
Size

208KB
MD5

f948792507949aac87bcb47d385f4d21
SHA1

7fee5beac3ce34710511f761e98cf2643366f7ce
SHA256

6ba55936e3df9fbb391c19a86d53275da3d82154af56bffe1f74ac84d5c3ea94
SHA512

5e96a0b9cfd8fd16f213b1418186fd73d5cef07c1c23f88942f4ad395f68d3fbf4dcc212488520c6127d2eee6142a502e444f6dfc8ea69feb8a0a2857c999799
SSDEEP

3072:lKe333yAGUhS/ZDlZqASYusPQpYDCHplqNtDp7W4jnQtyoZX9gBC9uC4oz:X333jGUh8hlZnXPzDioD7QXkMEC4oz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28
PID 2604 wrote to memory of 2232	2604	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ba55936e3df9fbb391c19a86d53275da3d82154af56bffe1f74ac84d5c3ea94.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ba55936e3df9fbb391c19a86d53275da3d82154af56bffe1f74ac84d5c3ea94.dll,#1
  2⤵
  PID:2232