ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace

Analysis

max time kernel
94s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 03:51

Target

ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Size

76KB
MD5

37826c72b1b133533bbb422b35b8e17e
SHA1

1a662f80121414fcaf73a7028456f74bb5a8acc6
SHA256

ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace
SHA512

449ec87129b7442a9697855f4aa1cc1ec63fce59f7a33b09413666a1b86beafe377ce7c079f88b3cc34f82e6d1974463b795b7567316b53028fb5bb27750837f
SSDEEP

1536:Mq/JmJSP635twGuOivzH6y47fnXqcEzEhjfY:z/JmJSPACjqrqVmjg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 848	596	rundll32.exe	28
PID 596 wrote to memory of 848	596	rundll32.exe	28
PID 596 wrote to memory of 848	596	rundll32.exe	28
PID 596 wrote to memory of 848	596	rundll32.exe	28
PID 596 wrote to memory of 848	596	rundll32.exe	28
PID 596 wrote to memory of 848	596	rundll32.exe	28
PID 596 wrote to memory of 848	596	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll,#1
  2⤵
  PID:848

memory/848-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download