8af4c35ce2fbaa68c1736fc69073acb459e7c2094dd9f6dd9ce611eb3168c195

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03-09-2023 13:05

Target

2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll
Size

208KB
MD5

d0d1ede925af99a08fd475a4ba7e076f
SHA1

7c318dbe3e492e376f6fe1a4d2b3da89dd673a6d
SHA256

8af4c35ce2fbaa68c1736fc69073acb459e7c2094dd9f6dd9ce611eb3168c195
SHA512

30f4face351b2a5809351a53c27e6db180f92943bd9928c9b8c226ade586b336bd0da8b48420d8bc6df32c15ce091c97b757cc135a2f09b1cfceecee81db9df0
SSDEEP

3072:1I6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUmY53:1IDff9D8C6XYRw6MT2DEj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe
PID 1916 wrote to memory of 2296	1916	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll,#1
2⤵
PID:2296