cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805

Analysis

max time kernel
33s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 04:45

Target

cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805.dll
Size

17KB
MD5

fe42d44353f466ca5fc62c8b33dd7850
SHA1

059eb506501ebf7bd80446d798941b44ac609607
SHA256

cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805
SHA512

37537e85d09cc0d901cefbfd6d40ed0c9efce4cceaff5cf5a0d3903515b55e7f577c3e391dc6ba04592d98f8eafe6b1e822825abbb4f75cc73ae99bdc0290fca
SSDEEP

384:gVwJJQxytV3h7r8Hht9AqhFNeyh2/6hDgZC+/8vCYgBzWx5V4:lQxsR7rw/mqhF8/6lgZr/8vxn5V4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805.dll,#1
  2⤵
  PID:1372

memory/1372-55-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download