cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:51

Target

cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll
Size

134KB
MD5

4c32c3cb923604469f70d5ecee4dc7fd
SHA1

64e44eab3ed37d9756d5f106d4757b81f7867e25
SHA256

cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0
SHA512

96734b33ac328a2748e41fac295fa4872b28c51f743468a2aa9b0a9578627e1aef028ce5ae5378f1515e41f20e262e71dd3fea3350c449872a57170223cd9525
SSDEEP

1536:JsIuIJkuvfZ/Auwe2PjWJnsYXP77nqSOslmoXqc6nuPK+h+hj5eKbUgWutlPAaHR:6NyxvfGXqJsQKDZNc6nuPKc+hAed7zo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27
PID 1320 wrote to memory of 1532	1320	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll,#1
  2⤵
  PID:1532

memory/1532-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/1532-56-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download