cfcbd2ca92c5b83717383232e70aa02f6f53a0d2cdaf81cd48f2163908d262fc

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 06:23

Target

cfcbd2ca92c5b83717383232e70aa02f6f53a0d2cdaf81cd48f2163908d262fc.dll
Size

94KB
MD5

403da19091a3a52cbb42e1102924e4c6
SHA1

9d8cb0816423e8140a18d34b417914d247a0c5b7
SHA256

cfcbd2ca92c5b83717383232e70aa02f6f53a0d2cdaf81cd48f2163908d262fc
SHA512

ba767cc90b5270e2b5445f71967c2b0f1ed2b1834aee159c8e842b50a653d19d8e488393496dd35464de5b486014a91cfd2fcef11cbadda0586c25c29bd4eaed
SSDEEP

1536:0pstl9F0gv/r7r2Zu6aORvmG92yM/hPLF5HBBBRntwek:0OtFNv/r7r0naOBYyM/hLHBBB4ek

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27
PID 1152 wrote to memory of 2040	1152	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfcbd2ca92c5b83717383232e70aa02f6f53a0d2cdaf81cd48f2163908d262fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfcbd2ca92c5b83717383232e70aa02f6f53a0d2cdaf81cd48f2163908d262fc.dll,#1
  2⤵
  PID:2040

memory/2040-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download