cb5db110723da0dab6c512006911e00d1ae1684ee91036412b93e9314428ec9d

Analysis

max time kernel
228s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 21:03

Target

cb5db110723da0dab6c512006911e00d1ae1684ee91036412b93e9314428ec9d.dll
Size

35KB
MD5

556d719c75936bd4708448daaf9ba143
SHA1

5c4df01ad7f16b8aed112613b29044be4fbea3d0
SHA256

cb5db110723da0dab6c512006911e00d1ae1684ee91036412b93e9314428ec9d
SHA512

2849f30a560722ce2608d803d37393716fdf153a82dce130b2a14c2a0fec79eea0232ba1f47ca6871c3136b68dc8d47a770bfa61d84d169586b6ede0f639650f
SSDEEP

768:OU/2lhGcXng5dBCgTyNCRANfWTTfCjprRQBwTf:l/2PGenOBCiyQiNenfCjvQa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 760	1508	rundll32.exe	27
PID 1508 wrote to memory of 760	1508	rundll32.exe	27
PID 1508 wrote to memory of 760	1508	rundll32.exe	27
PID 1508 wrote to memory of 760	1508	rundll32.exe	27
PID 1508 wrote to memory of 760	1508	rundll32.exe	27
PID 1508 wrote to memory of 760	1508	rundll32.exe	27
PID 1508 wrote to memory of 760	1508	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb5db110723da0dab6c512006911e00d1ae1684ee91036412b93e9314428ec9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb5db110723da0dab6c512006911e00d1ae1684ee91036412b93e9314428ec9d.dll,#1
  2⤵
  PID:760

memory/760-55-0x0000000074E61000-0x0000000074E63000-memory.dmp

Filesize
8KB

Download