cc90ce953bbc6da5b6ff3eb0fce3ba8aff10552720dcae3b5614ddd5c31e959a

Analysis

max time kernel
30s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 13:58

Target

cc90ce953bbc6da5b6ff3eb0fce3ba8aff10552720dcae3b5614ddd5c31e959a.dll
Size

60KB
MD5

ac5d10a2c920d2dcaefa633feed0f58d
SHA1

d6d2a8fbb54fb9468ce3a3a8deb308a9ac3bb680
SHA256

cc90ce953bbc6da5b6ff3eb0fce3ba8aff10552720dcae3b5614ddd5c31e959a
SHA512

5442c08850b415e1daf79bc5ff4bbf79a540294beb25444a70db12b93f88ba67068ccef5dc986a3f9338cca0098c4bfe0c634e96f06c09328e9d4baf95ff5bd5
SSDEEP

768:HpQ80fGxiXto0DqCdX29LNZpdfkEIXWd3XqLVndfFd64C:HqLfFo0vX4ZpSXG9XqZdNd64C

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28
PID 1676 wrote to memory of 872	1676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc90ce953bbc6da5b6ff3eb0fce3ba8aff10552720dcae3b5614ddd5c31e959a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc90ce953bbc6da5b6ff3eb0fce3ba8aff10552720dcae3b5614ddd5c31e959a.dll,#1
  2⤵
  PID:872

memory/872-55-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download