cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 01:39

Target

cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463.dll
Size

108KB
MD5

52b4480de6f4d4f32fba2b535941c284
SHA1

4f63c0054ee983734ae9bf8f4e9aa0383748de8f
SHA256

cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463
SHA512

48cb6b38aaf71c984acc7f18c89c6787762b2219461d158929f9f9056b604e36dfb5ada3f55867c6f8099fdde3a79c89ae7cbeb6d673908bc9489386587e94b9
SSDEEP

3072:an697qlalkDnoT0N93qznrXjtjEvgWOtlJM0fv62:VqlalkrtcjrXpjag5tj/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27
PID 1900 wrote to memory of 2036	1900	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463.dll,#1
  2⤵
  PID:2036

memory/2036-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download