dcb35a5b927db8b3231f8a0cc6a6f21b76e23a7014dfc31077ae54d017f40555

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-05-2023 21:05

Target

dcb35a5b927db8b3231f8a0cc6a6f21b76e23a7014dfc31077ae54d017f40555.dll
Size

288KB
MD5

cedf263a9c0f2a6408a06516146c79df
SHA1

1800965f0e3b5690d87b01e808ca7045f2fe8609
SHA256

dcb35a5b927db8b3231f8a0cc6a6f21b76e23a7014dfc31077ae54d017f40555
SHA512

8d82e52840386011ee82f43cb5beeb86e0bb44f311a2fced347d9ca6a7d0259ce26c12d7a188aa63863041fa64a9776ebd16e0df7c39361e8e12a797a8729b12
SSDEEP

6144:oB22mO/Kvrg9feF24WPJa4fldvZf+sZWg:T2mO/Kvrg9fxHPJj9dv1P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe
PID 1108 wrote to memory of 2012	1108	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb35a5b927db8b3231f8a0cc6a6f21b76e23a7014dfc31077ae54d017f40555.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb35a5b927db8b3231f8a0cc6a6f21b76e23a7014dfc31077ae54d017f40555.dll,#1
  2⤵
  PID:2012