2cbc032b8a68d1aec8e5d84d5ea6a8e0d18f58d083487e84412bb4171cbfe7c8

Analysis

max time kernel
19s
max time network
29s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:03

Target

2cbc032b8a68d1aec8e5d84d5ea6a8e0d18f58d083487e84412bb4171cbfe7c8.dll
Size

151KB
MD5

52e966d4099c49283723200f33f56080
SHA1

c6515e2fa9db6920492a88dd746299c1c42fd6d9
SHA256

2cbc032b8a68d1aec8e5d84d5ea6a8e0d18f58d083487e84412bb4171cbfe7c8
SHA512

30b30083a2c07614347fd68fdb6da96901dc8b1ac4453150009d82a56cfe70646aedcb027574841d0f51249c9337a6c847f711f74243d0f46bd7e35af67d6c53
SSDEEP

3072:7BvbVhqMtE+xTkekDf8YGO5wEJMdAeDSP49R+6:75+GEv50dJ3E6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28
PID 2040 wrote to memory of 2044	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cbc032b8a68d1aec8e5d84d5ea6a8e0d18f58d083487e84412bb4171cbfe7c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cbc032b8a68d1aec8e5d84d5ea6a8e0d18f58d083487e84412bb4171cbfe7c8.dll,#1
  2⤵
  PID:2044

memory/2044-55-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download
memory/2044-56-0x0000000000150000-0x0000000000175000-memory.dmp

Filesize
148KB

Download
memory/2044-57-0x0000000000150000-0x0000000000175000-memory.dmp

Filesize
148KB

Download
memory/2044-58-0x0000000000150000-0x0000000000175000-memory.dmp

Filesize
148KB

Download
memory/2044-59-0x0000000000160000-0x0000000000166000-memory.dmp

Filesize
24KB

Download