4619f64d4a55f3c73443b86ad00b015b8e3336d903ebc7fb9915bb0ca9869672

Analysis

max time kernel
28s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/04/2023, 05:55

Target

cc-common.dll
Size

356KB
MD5

e720267a22846e16e57a3be7c4cdfa6a
SHA1

851958683d28de9af0b3be3f3f1d29dc9e914dc4
SHA256

4619f64d4a55f3c73443b86ad00b015b8e3336d903ebc7fb9915bb0ca9869672
SHA512

db3b400730f4bd6ef679d8b9932c4b0db6d41cf47f96539e480a9ea6345cabce30d12cfb2ccf338b03aef57c2c8d85df53e0d2bbca46d150674546833cdf2492
SSDEEP

6144:rGpptTq76Et/NPHn1PdjxFJwMoW9vTWF5K6bVt2Eyfs/nqlbbHyx2f8qo+AwrOn:rG7Nq76qPVltfTvTWF5K6zPyfsyZ+x2e

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28
PID 2004 wrote to memory of 1732	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc-common.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc-common.dll,#1
  2⤵
  PID:1732