ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 15:58

Target

ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b.dll
Size

105KB
MD5

a0e960dd660ecceb19c6b3c81bfd6322
SHA1

918f50d1ca6064f3e5502ced4f7020048cfbf4ac
SHA256

ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b
SHA512

b4f3beb46c231bd01bc2575ad5b4c0e8bad841a3394582c2e6fcdc830370bde75294238b6746665523b3f0bafcbab5bced168a142a08e38548c96e01172f6110
SSDEEP

3072:f2RWdNEp4Ls217vZRd3hq4clTXHa60clS:f2RWdNEqgKR73hlWTXV0r

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27
PID 1672 wrote to memory of 1724	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b.dll,#1
  2⤵
  PID:1724

memory/1724-55-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download