09be63ba94fa6a45bbe490d7f89070dd8ab19c85923ac9b814bb5cf43c33936b

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 18:42

Target

00cef0f6966ffe4966cf0cf07ad665d4.dll
Size

8KB
MD5

00cef0f6966ffe4966cf0cf07ad665d4
SHA1

592b4eb9d0471666a3e9af3ffe7e2cb22fd5f79d
SHA256

09be63ba94fa6a45bbe490d7f89070dd8ab19c85923ac9b814bb5cf43c33936b
SHA512

6a6c1caadf42654647a126a615e6d6e7a95f43a4255b677288d1dfb2c7d5838ebf6cfc42dd3690d4f1ec4e968e5795bc8cac5fe6eeb36b0d6941cf055a0e00d7
SSDEEP

192:ihHMJm1FfkdyvzLtMB+HWvh2Cz4SLNJU+96UKWziIEccLV1nkgUwux:cMJqa2PtMBc7CkS5n1KWmwuv4r

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28
PID 2644 wrote to memory of 1588	2644	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00cef0f6966ffe4966cf0cf07ad665d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00cef0f6966ffe4966cf0cf07ad665d4.dll,#1
  2⤵
  PID:1588

memory/1588-0-0x0000000025000000-0x0000000025016000-memory.dmp

Filesize
88KB

Download