cb62090822d2ef441fc9d2b712492d00cf12e6dbf948f63c1dd78b34f94954e6

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 10:19

Target

66c3210721e312b7f24b5c6ebb231131.dll
Size

42KB
MD5

66c3210721e312b7f24b5c6ebb231131
SHA1

097e0ab7659f2bd21deb8255ffe17691d50881d3
SHA256

cb62090822d2ef441fc9d2b712492d00cf12e6dbf948f63c1dd78b34f94954e6
SHA512

8c5c8da1af7cb8f9737071a3fcacddb46cfa2b534b3dcce607dd4c6b83427ca39314a36ef0e330091e127c01c409b0229cb21e863a8127a75c4ea5db42c74e68
SSDEEP

768:eGlD0PfZu5HHpbieZxErP5lh25HfcKcFyhuJWAE2gOE2Lt:eWD0PmnpOeZxEznufcqAETO7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14
PID 2176 wrote to memory of 2544	2176	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66c3210721e312b7f24b5c6ebb231131.dll,#1
1⤵
PID:2544

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66c3210721e312b7f24b5c6ebb231131.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2176

memory/2544-0-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download