cc02bc53419d0f2a2fc1c7d9bb8a472b10658f9f28fd257df163aa52ff82de3c

Analysis

max time kernel
166s
max time network
27s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 05:23

Target

cc02bc53419d0f2a2fc1c7d9bb8a472b10658f9f28fd257df163aa52ff82de3c.dll
Size

51KB
MD5

83cd7ae6bc732379afa72a7f60d92d4c
SHA1

aaeff6d5c4709fa113b2fc2437e3126ddef62b92
SHA256

cc02bc53419d0f2a2fc1c7d9bb8a472b10658f9f28fd257df163aa52ff82de3c
SHA512

b93a0c2a6567582471642af2c3a12cd3e89cfa4863a11c1848b6c79e269a6154c1ed01e20a32edaa33325d447cfb2dc94b7dd77ba122e9f27511a20edc5f46fd
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL5JYH5:1dWubF3n9S91BF3fbodJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2676	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29
PID 1692 wrote to memory of 2676	1692	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc02bc53419d0f2a2fc1c7d9bb8a472b10658f9f28fd257df163aa52ff82de3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc02bc53419d0f2a2fc1c7d9bb8a472b10658f9f28fd257df163aa52ff82de3c.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2676