cfef32c7329f2e775e0592a3a1f74fc545ef8a521092defe011441b94c88e799

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 05:58

Target

cfef32c7329f2e775e0592a3a1f74fc545ef8a521092defe011441b94c88e799.dll
Size

40KB
MD5

6463ac25ce1cce1919575bc7b6d8e670
SHA1

5df58a94c6540ebb279c60e3092eee54eb6b4558
SHA256

cfef32c7329f2e775e0592a3a1f74fc545ef8a521092defe011441b94c88e799
SHA512

b056e72e9cf59658fee307aff1a1639f1dbd7681b3869a6def7f543babf0a567d602ddd3006c05e365d55a4e075bd821aa9d7d541e51d6794daa2ae1fa719a8f
SSDEEP

768:bYaNbA6UHcrLX9X78twmhiv3kw8XCy+Rkegw3FjLoP9wH4SHU6XqmeHC:8YA6UHcrLNgWmhiv3L8XulBxo/SHBeHC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26
PID 1976 wrote to memory of 2024	1976	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfef32c7329f2e775e0592a3a1f74fc545ef8a521092defe011441b94c88e799.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfef32c7329f2e775e0592a3a1f74fc545ef8a521092defe011441b94c88e799.dll,#1
  2⤵
  PID:2024

memory/2024-55-0x0000000074D81000-0x0000000074D83000-memory.dmp

Filesize
8KB

Download