e0b2ab8be6e038ab94886abea75675a937750f3d88cc5265cb59c505357e0162

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 19:46

Target

cc452248c195058a54854096abf1c70f.dll
Size

18KB
MD5

cc452248c195058a54854096abf1c70f
SHA1

aec7e0135a1307aaf6282f1937b8f26386b5ef2a
SHA256

e0b2ab8be6e038ab94886abea75675a937750f3d88cc5265cb59c505357e0162
SHA512

05fe191487428e47ffbc7c1d9cc2111393faadf8707311e18556526ad211d53a5deeffa85d373cfb69c00259f11053323448244a676c8639e4a8800ffb2bb724
SSDEEP

384:KaJe2jJlvhX1LOcNFlHRmPXaAy0KXaFXruCKPdp7IYM6Y:NJ5jJnJ/NUk1qFXrSpcb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28
PID 2872 wrote to memory of 2892	2872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc452248c195058a54854096abf1c70f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc452248c195058a54854096abf1c70f.dll,#1
  2⤵
  PID:2892