6db155cae8b79b8d4ed6125b2d2d7458e3877a1ae0740314d0209b7441c466d4

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 04:46

Target

6db155cae8b79b8d4ed6125b2d2d7458e3877a1ae0740314d0209b7441c466d4.dll
Size

2.6MB
MD5

67ba5b523318325b38da843875cf4c66
SHA1

67043c8d61ac4a3a83d768ac9f698f0d9e819e44
SHA256

6db155cae8b79b8d4ed6125b2d2d7458e3877a1ae0740314d0209b7441c466d4
SHA512

b7464ea45b2197815f2ce18117cc1ec43ce315b3113d874147a220faed85e288eae1dc01edfb7500f1ef219782dc95e907132812ab6cd90456070c043041c977
SSDEEP

49152:DNfyS8KrpTQAiLL83faLL1yV8Cdq0DI53k+U4DIrd:BqS8Kre4fa/zCs0DH+U4Did

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28
PID 2944 wrote to memory of 3000	2944	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6db155cae8b79b8d4ed6125b2d2d7458e3877a1ae0740314d0209b7441c466d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6db155cae8b79b8d4ed6125b2d2d7458e3877a1ae0740314d0209b7441c466d4.dll,#1
  2⤵
  PID:3000