4524201c0c9724a624ddcda51bbcb14c5ec407868d4f277de04dcd63e9d8d840

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 01:51

Target

cccf3b01f71cd410853fa26e86a17220.dll
Size

9KB
MD5

cccf3b01f71cd410853fa26e86a17220
SHA1

f787a8e83153255d91a126164463f33be7d68849
SHA256

4524201c0c9724a624ddcda51bbcb14c5ec407868d4f277de04dcd63e9d8d840
SHA512

3d3f6547b0566f398740a8121c2e5dbd7c0227c0e5a21e60c674245c4daad311b90c74bac1c3471780e60084785fa0184fa06203deee7897c2e299e145f7353a
SSDEEP

96:oM0wpYdFBX5Gch1UNiEaw+J4BSPGXb1jiAnpL/72nmw+AAgox2l3MVV/JY:oM0wpYd4URw5BSPobpRyn/7A/eC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28
PID 2240 wrote to memory of 2080	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cccf3b01f71cd410853fa26e86a17220.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cccf3b01f71cd410853fa26e86a17220.dll,#1
  2⤵
  PID:2080

memory/2080-0-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/2080-1-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download