3333d89ddfa742a08a030422c6228481ec01502a1ec75f27f8b28bc0c930cd7e

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 11:12

Target

7cf7ee888292802451c836cf4aed4cf4.dll
Size

120KB
MD5

7cf7ee888292802451c836cf4aed4cf4
SHA1

20f9cbf59696d02e1712f4886667d79e4575f000
SHA256

3333d89ddfa742a08a030422c6228481ec01502a1ec75f27f8b28bc0c930cd7e
SHA512

68e93317a7bbcfb5e5cfb68aff0a91fb3db8ff0ddbfdbcdf2b74800ffbc28825f2b0a395b82cf444f59fc0921fb1f9d2e5a3c24ccffc6f99fff050b74fc5aed6
SSDEEP

3072:GBkUW1+5XIbFLfIaqoB4ZxfwkjS0dudN5A+DO8O:GBkUN54bFLfIaqoBkVh1/+Dm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28
PID 2756 wrote to memory of 3012	2756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cf7ee888292802451c836cf4aed4cf4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cf7ee888292802451c836cf4aed4cf4.dll,#1
  2⤵
  PID:3012

memory/3012-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download