0cdfb88a5295bd4ce3077580e36d1f33905cd223f4ac553e4086e32e6d12a155

Analysis

max time kernel
36s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 04:27

Target

0cdfb88a5295bd4ce3077580e36d1f33905cd223f4ac553e4086e32e6d12a155.dll
Size

14KB
MD5

800826c82e2840cdd7e12c4d4352d8fb
SHA1

4980f6d357caf99edad637bb2cec6c8a136f1054
SHA256

0cdfb88a5295bd4ce3077580e36d1f33905cd223f4ac553e4086e32e6d12a155
SHA512

595ec35c1894074cde51e2597c6d3b9bf27fc912f64d05ce9a8ab312878ef9f4c7876098b2d02ee736ef65b0dff811cac61d0bc90521c0ed986e520537f9615a
SSDEEP

384:SFQkUlSPyveOC+oZ8Psupe0kSQ4x8dKyzS:KQkUBeH+VEupehcxgK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27
PID 1148 wrote to memory of 548	1148	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cdfb88a5295bd4ce3077580e36d1f33905cd223f4ac553e4086e32e6d12a155.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cdfb88a5295bd4ce3077580e36d1f33905cd223f4ac553e4086e32e6d12a155.dll,#1
  2⤵
  PID:548

memory/548-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download