6debc3a9c2049d40cfefb36a91d350dca32e1f111c543462db46b8aa2ff49d5b

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:31

Target

6debc3a9c2049d40cfefb36a91d350dca32e1f111c543462db46b8aa2ff49d5b.dll
Size

81KB
MD5

9225fcaa3c42ed86b7a6eab18c3ccf50
SHA1

e32ede1d680e7550ae807f41c6009cfe7f2a60f3
SHA256

6debc3a9c2049d40cfefb36a91d350dca32e1f111c543462db46b8aa2ff49d5b
SHA512

f6c7bc2c2071680c0f0d51f2905d713cede1e355a5cc190cda8c2668cfd8f3f96bb46b3ceec8c49a87cc24035d121b53fa87d4b07a85ce47e58e9903f24cb1e7
SSDEEP

1536:KByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WI:Lv4JKXTx71wnArSsXFpeXq8WI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe
PID 2952 wrote to memory of 2156	2952	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6debc3a9c2049d40cfefb36a91d350dca32e1f111c543462db46b8aa2ff49d5b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2952

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6debc3a9c2049d40cfefb36a91d350dca32e1f111c543462db46b8aa2ff49d5b.dll,#1
2⤵
PID:2156