ceee7f252380248cf46cdac88a9c7969a4cc584c3c700190b6100dd1a446c048

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 20:38

Target

ceee7f252380248cf46cdac88a9c7969a4cc584c3c700190b6100dd1a446c048.dll
Size

81KB
MD5

02923197fbad1bec0a90498003bca3d4
SHA1

52dde04bf1fd5f565904fbffa949afe4a962fcd0
SHA256

ceee7f252380248cf46cdac88a9c7969a4cc584c3c700190b6100dd1a446c048
SHA512

d755ee6c82993b1d710af915512f2dc7bc84ccae7a5782345c1bf44c295667f0061bdea733f6fe042413169d1435c5083c6abd821dd26046b8ac39fb36978777
SSDEEP

1536:Hm5pRHtzLkPkft3UYLtLgAx43MpawT+F/K166i/2CBCnhSrgD:Hm5rHtzLkPyt3RFhpawey/WshSri

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27
PID 1380 wrote to memory of 1672	1380	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceee7f252380248cf46cdac88a9c7969a4cc584c3c700190b6100dd1a446c048.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ceee7f252380248cf46cdac88a9c7969a4cc584c3c700190b6100dd1a446c048.dll,#1
  2⤵
  PID:1672

memory/1672-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/1672-56-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/1672-57-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/1672-58-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download