6655ac2a9a5fca4bdbd88ae1828a52786d6a6c43d8af9cc85fc8ae995e4f0d74

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:28

Target

6655ac2a9a5fca4bdbd88ae1828a52786d6a6c43d8af9cc85fc8ae995e4f0d74.dll
Size

917KB
MD5

19b0022f24b3df12f87a06cd821437eb
SHA1

2c6174615e6736dc856555b421c603d087169157
SHA256

6655ac2a9a5fca4bdbd88ae1828a52786d6a6c43d8af9cc85fc8ae995e4f0d74
SHA512

42a7546e35655d7afb30c28bdf136a2c27d459474bfd9398b4771dd00c194a6fe3ae41ddd85ebfa3ce38f357e19ca9aa42f8fbd5b42f2ddedce7eaeeac90dc5f
SSDEEP

12288:fkfWkISfQV60QkzT1L9/L+aebnNfgu5OQ9JbIKDOC1giK:MfBtfQZT1L9/L+aebnNZPTb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28
PID 1888 wrote to memory of 1876	1888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6655ac2a9a5fca4bdbd88ae1828a52786d6a6c43d8af9cc85fc8ae995e4f0d74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6655ac2a9a5fca4bdbd88ae1828a52786d6a6c43d8af9cc85fc8ae995e4f0d74.dll,#1
  2⤵
  PID:1876

memory/1876-0-0x0000000010000000-0x0000000010116000-memory.dmp

Filesize
1.1MB

Download
memory/1876-1-0x0000000010000000-0x0000000010116000-memory.dmp

Filesize
1.1MB

Download