cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 04:16

Target

cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049.dll
Size

99KB
MD5

090fa591ffb55a7bae5a7cea36ab5397
SHA1

c45024e44598106e444b6acd2b5b7eda4f4e0573
SHA256

cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049
SHA512

7f9438a418eeccae8b1a320a245ca829468e222628e9f2d1ae11ff4c42b9842febe6121d94cd68ae6cc1d74c6ca0da3e3103f9b410f2a053a2301ef93c483624
SSDEEP

1536:rVGqeHHrjdj9xcNqA1qfpGX5ZE1kpCTWg+16nm:rKLjdjLcNqRfW5cmkWJb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049.dll,#1
  2⤵
  PID:1156

memory/1156-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download