cd20b3d9047ce4d00a2111b5c8a27938076fbf9f788d492535d9b6d1e25ce3df

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/09/2023, 16:21

Target

cd20b3d9047ce4d00a2111b5c8a27938076fbf9f788d492535d9b6d1e25ce3df.dll
Size

221KB
MD5

7d36553996b8327c451211636563ab15
SHA1

7f0a5f80e6aec72602272a2b78f31cc16ced3f4f
SHA256

cd20b3d9047ce4d00a2111b5c8a27938076fbf9f788d492535d9b6d1e25ce3df
SHA512

d23aafc4736e27e9e25285309154a2d4728c6e7b4938b2ef7d7f93037854387bd97aab66a5079d42d67efd2738950f229a1c6261ddc0d1c77771c05fb65eeea9
SSDEEP

6144:3TZzqf+2ZbLZUvuDr2rvDM+YvP7gj5NeJEPURc1:3M+2Pyu3avDMUvmu1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28
PID 2424 wrote to memory of 1576	2424	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd20b3d9047ce4d00a2111b5c8a27938076fbf9f788d492535d9b6d1e25ce3df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd20b3d9047ce4d00a2111b5c8a27938076fbf9f788d492535d9b6d1e25ce3df.dll,#1
  2⤵
  PID:1576