cf27aa9d662232c0aaaf99f1af9145e11086d277d0ce4b4bb35825661d297297

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:42

Target

6495c11eed069de36ac44e9c4b448167.dll
Size

167KB
MD5

6495c11eed069de36ac44e9c4b448167
SHA1

d322b7e52ab3223eba8baf5e28b441b888a18ebe
SHA256

cf27aa9d662232c0aaaf99f1af9145e11086d277d0ce4b4bb35825661d297297
SHA512

9e01ceb7c60a62c9ced95fef017a351c9b19543e71ce408bdf64c53450c2d7557e86426689d1eac53e31671da22a11af03ae01eb2db9605428798b08920c0c41
SSDEEP

384:doptmh9qY1J350HSiF8Y5uKSGXcjeyKi3JgrdJvwWwl4/ezVQhWvxa3V:omDqiAF7CGX7Vi3urdpwX4/eScMl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28
PID 1640 wrote to memory of 2008	1640	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6495c11eed069de36ac44e9c4b448167.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6495c11eed069de36ac44e9c4b448167.dll,#1
  2⤵
  PID:2008

memory/2008-0-0x00000000001D0000-0x0000000000201000-memory.dmp

Filesize
196KB

Download
memory/2008-1-0x00000000001D0000-0x0000000000201000-memory.dmp

Filesize
196KB

Download