14cc5a6d6d0309968c0d6ab4ff48defafacbdbae60a5c53cc79904c33870718e

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-02-2023 18:35

Target

14cc5a6d6d0309968c0d6ab4ff48defafacbdbae60a5c53cc79904c33870718e.dll
Size

950KB
MD5

90f626716080300418eee16c43d81ce7
SHA1

d42cea3f11d290f7e9a5e9a5309729a707f09340
SHA256

14cc5a6d6d0309968c0d6ab4ff48defafacbdbae60a5c53cc79904c33870718e
SHA512

78cffa160d4f704439f9e237747f06bfdcd70163ed344be2ffe6fd5787bc132ac213ef71e4d5aed7d76910c3499de4423454da9ef2f22b5afe63fc12eb0e3e9d
SSDEEP

24576:S2cdd0IZrJx8Xya2rvSoUPu2NBjVBaWtiIxi:tcdyIZrDnrvi22NBpJiIxi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2004	1940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cc5a6d6d0309968c0d6ab4ff48defafacbdbae60a5c53cc79904c33870718e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cc5a6d6d0309968c0d6ab4ff48defafacbdbae60a5c53cc79904c33870718e.dll,#1
  2⤵
  PID:2004

memory/2004-55-0x00000000021A0000-0x00000000024D9000-memory.dmp

Filesize
3.2MB

Download
memory/2004-54-0x00000000021A0000-0x00000000024D9000-memory.dmp

Filesize
3.2MB

Download
memory/2004-56-0x00000000021A0000-0x00000000024D9000-memory.dmp

Filesize
3.2MB

Download
memory/2004-57-0x00000000021A0000-0x00000000024D9000-memory.dmp

Filesize
3.2MB

Download