c6b37704c90c9b4d2b45c98e5d54bad15f696fa5057fd197fe6af70a53f9972a

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 02:15

Target

c6b37704c90c9b4d2b45c98e5d54bad15f696fa5057fd197fe6af70a53f9972a.dll
Size

108KB
MD5

0d2ee55ac6f20d3422cbebdbdfaa6be4
SHA1

8a05cd0e8c53d21ec7e33bcadfc02dc109743ce5
SHA256

c6b37704c90c9b4d2b45c98e5d54bad15f696fa5057fd197fe6af70a53f9972a
SHA512

69f01213f9672110911aa37d9f122cf48659e7fc891286fcdc9571824a4ce229f95c5839d78e9be5fbb49527effbc79d91795a209c7a8c7da4366ac41648b4c5
SSDEEP

3072:T+d+u5wIGyvRvbKRU/wxftbepDJeLc8PPy:6d+u5VGyvtsR1bTz3y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28
PID 2920 wrote to memory of 1812	2920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6b37704c90c9b4d2b45c98e5d54bad15f696fa5057fd197fe6af70a53f9972a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6b37704c90c9b4d2b45c98e5d54bad15f696fa5057fd197fe6af70a53f9972a.dll,#1
  2⤵
  PID:1812