cfd154c85faedb4923a35cb0b05ab79531cd3d347ea90094dcced69dec22f2ff

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 13:47

Target

cfd154c85faedb4923a35cb0b05ab79531cd3d347ea90094dcced69dec22f2ff.dll
Size

41KB
MD5

5dc04c21c47c53891edcf93a16760b37
SHA1

b298803deca9277790ccae9d87eadf62676cba42
SHA256

cfd154c85faedb4923a35cb0b05ab79531cd3d347ea90094dcced69dec22f2ff
SHA512

ff0a60be81b990c880fe0be3a2b396be6c474339d700a847a8b843a9b290f91fc12d2de7d12c08f316d15a7c8b4964bc23a9a5546d9e6fd754b524216435d7f9
SSDEEP

768:bGD+XIaDqDTAIkaPYlTlSWMFuG3BqCHGAS9W8LX07khdMuY8X5p7Rww:Y+YaDqHiZlf6uGxqCmE8KF+JZiw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 892	1968	rundll32.exe	27
PID 1968 wrote to memory of 892	1968	rundll32.exe	27
PID 1968 wrote to memory of 892	1968	rundll32.exe	27
PID 1968 wrote to memory of 892	1968	rundll32.exe	27
PID 1968 wrote to memory of 892	1968	rundll32.exe	27
PID 1968 wrote to memory of 892	1968	rundll32.exe	27
PID 1968 wrote to memory of 892	1968	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfd154c85faedb4923a35cb0b05ab79531cd3d347ea90094dcced69dec22f2ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfd154c85faedb4923a35cb0b05ab79531cd3d347ea90094dcced69dec22f2ff.dll,#1
  2⤵
  PID:892

memory/892-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/892-56-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/892-57-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/892-58-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/892-59-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/892-60-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download