a76ea2a61aafbcb041e83d79daa265a34480c219c8983f3fdc5be1235fde555b

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 19:21

Target

ccL40.dll
Size

369KB
MD5

24aa6d05bf9b0fb50d7c539ba885a1d7
SHA1

95072636239e9c2d194fdc37c4a2bc1bc1e8e92c
SHA256

a76ea2a61aafbcb041e83d79daa265a34480c219c8983f3fdc5be1235fde555b
SHA512

3e68396994b38b3024e28f1b290a5b8a5440b0b8d6d56399be69ec29b894f978436e58425d0e84633861c2eae028319b558e4883c7791cc063dfba90a1906949
SSDEEP

6144:L8AsFCkAc8cKG+PVFL+Ta4rwWGIoaH7EANJlxww0LtZoaVJajYSUu8xw8cCJ1:L8AsFCVc8cKG+P3LN4rwdIoaHgANJnwp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28
PID 2008 wrote to memory of 2028	2008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccL40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccL40.dll,#1
  2⤵
  PID:2028

memory/2028-55-0x00000000760C1000-0x00000000760C3000-memory.dmp

Filesize
8KB

Download