cbfbcd21c66d3d4d748502e22658cb4c4e56cca915a37302ef59690d68a215a6

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 06:24

Target

cbfbcd21c66d3d4d748502e22658cb4c4e56cca915a37302ef59690d68a215a6.dll
Size

98KB
MD5

cb0c939268262b2ce0b1d60189aed1ca
SHA1

2cdd6e74c3a8480e7a24edb3edfd3bf569a33d0e
SHA256

cbfbcd21c66d3d4d748502e22658cb4c4e56cca915a37302ef59690d68a215a6
SHA512

356132fe035a778bcd7a159e380ff44278e09ad5e322dcbba1e1b35dc2b5965e20219da1258ea61c8b7bfbd7ca95f9cdc29735a846971a859b0501a3186e7cb4
SSDEEP

3072:qPR+57kHJuX2tceg2Fv8PgSlmcQuwAz27uK:QS7kpucwYvQxlmoBz27uK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27
PID 1884 wrote to memory of 1168	1884	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbfbcd21c66d3d4d748502e22658cb4c4e56cca915a37302ef59690d68a215a6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbfbcd21c66d3d4d748502e22658cb4c4e56cca915a37302ef59690d68a215a6.dll,#1
  2⤵
  PID:1168

memory/1168-55-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1168-56-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download