0cc8cf3467a43bd2b1b89fea07ce2e8f013169904c9194c4f4f1cf77e83ff4cd

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 07:45

Target

0cc8cf3467a43bd2b1b89fea07ce2e8f013169904c9194c4f4f1cf77e83ff4cd.dll
Size

58KB
MD5

54aaf4a7dac0f3cd80863a72ad716ee0
SHA1

38aa1e35488634697e3bed85973f0d4bdf3755d4
SHA256

0cc8cf3467a43bd2b1b89fea07ce2e8f013169904c9194c4f4f1cf77e83ff4cd
SHA512

b955766af369c67fed47ae87da5942fecef0429fb66ddbab2cefb17d724be5614a6fb653932835c81ec273d81425a153fb12fd0fe4949e1199266e23b814c4f3
SSDEEP

768:GbvLDaaMact8T3qop3qGMPENccStpjiAGNAwBZaL4Rr7LXKaoKMtH6EVesiMtCte:ev2oRqGMPb5vjiAG/sURjaaojtaaiIR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27
PID 1808 wrote to memory of 1056	1808	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc8cf3467a43bd2b1b89fea07ce2e8f013169904c9194c4f4f1cf77e83ff4cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc8cf3467a43bd2b1b89fea07ce2e8f013169904c9194c4f4f1cf77e83ff4cd.dll,#1
  2⤵
  PID:1056

memory/1056-55-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download