cc76d40ee8d0a3f9bc01481d617c4bbfd5b9f552cdda93ee1af87ddcfc3d110a

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 03:57

Target

cc76d40ee8d0a3f9bc01481d617c4bbfd5b9f552cdda93ee1af87ddcfc3d110a.dll
Size

8.3MB
MD5

daa9cbbd0d8bfd3239cb9a4212f73452
SHA1

def5b3459e2892efef6ab587d9c2a5fb77bcf3e9
SHA256

cc76d40ee8d0a3f9bc01481d617c4bbfd5b9f552cdda93ee1af87ddcfc3d110a
SHA512

9970a8f0809fb2dcaca851d617dcf1d6cb298bce6cc5e489d9df0e16b3aea36f02d39373065ea4f81c6ccdd9a012d2aca62b668796133f821a786d4f6e28b57c
SSDEEP

98304:XgJ1jikGonRhpkKCLlpAxFka+D8bA/WEAtTcx60lGUF:X8xikXCKCJpADkcbEAKxXIUF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27
PID 1896 wrote to memory of 2044	1896	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc76d40ee8d0a3f9bc01481d617c4bbfd5b9f552cdda93ee1af87ddcfc3d110a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc76d40ee8d0a3f9bc01481d617c4bbfd5b9f552cdda93ee1af87ddcfc3d110a.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download