a4cddab715de016ae5060cefbccc8a8288e427356d3982d8544192458810cfee

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-05-2023 06:28

Target

a4cddab715de016ae5060cefbccc8a8288e427356d3982d8544192458810cfee.dll
Size

176KB
MD5

ea2157dde77419d2b1cc486c0c15d131
SHA1

b7ceef5df5813e6f00fef711e727136c43246bb2
SHA256

a4cddab715de016ae5060cefbccc8a8288e427356d3982d8544192458810cfee
SHA512

ca219cad1285f8b53123dc33afb6cc091db967864000f0999288b710841b61dd17a8b5da07decd89c65db891a7bfcc0fed9e2387dbe1efe2c55497de1964602d
SSDEEP

3072:zlp6q/Simous/XjtddpZRKZGi/1pB7nVWy4lnak3BzjoTlYQ0yD4quE:zlp6q6iEeXjdpZOn/TtnoHr3hTc0E

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28
PID 1124 wrote to memory of 1172	1124	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4cddab715de016ae5060cefbccc8a8288e427356d3982d8544192458810cfee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4cddab715de016ae5060cefbccc8a8288e427356d3982d8544192458810cfee.dll,#1
  2⤵
  PID:1172