cc5d8b800efcdee48cafd5e5a57d8bd1a58ac285359ca9a0c0594fd69dce9d07

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 01:13

Target

cc5d8b800efcdee48cafd5e5a57d8bd1a58ac285359ca9a0c0594fd69dce9d07.dll
Size

70KB
MD5

cbebf8440828a76d98fb64057c1b3bb2
SHA1

1913aa885a3bf76121522cf036e07217e61828ca
SHA256

cc5d8b800efcdee48cafd5e5a57d8bd1a58ac285359ca9a0c0594fd69dce9d07
SHA512

c6a480e706ce7096e028deeab90d14fcd0236b2a6b4d52127c13a493b8766efa4bbe388d8f723d5c3fcb627851a21ccae2570ef27500406b29074c81ae505b09
SSDEEP

768:i0JSAGdqRrW0jlw+xBBhf4p/zFZht5xcIjA95zbW1tlHx4nCtIk8IuMwrvKS5gtn:PmUJl7xB4ZZh2IjK51IuMwrvz58+1ro9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc5d8b800efcdee48cafd5e5a57d8bd1a58ac285359ca9a0c0594fd69dce9d07.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc5d8b800efcdee48cafd5e5a57d8bd1a58ac285359ca9a0c0594fd69dce9d07.dll,#1
  2⤵
  PID:1708

memory/1708-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download