cd7ccc4b6d45048581585d50a4aaa570be538035a7dcd2ad11aa7893804d4205

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 18:01

Target

cd7ccc4b6d45048581585d50a4aaa570be538035a7dcd2ad11aa7893804d4205.dll
Size

4.5MB
MD5

6040f7bf245e781c23d8dec4005e334f
SHA1

d2544c11d1f49d9a79e2b4f60368b017a96e041b
SHA256

cd7ccc4b6d45048581585d50a4aaa570be538035a7dcd2ad11aa7893804d4205
SHA512

61c4bc2c50e5878f7c706232be716abfd96f02f796cf276cbd99a66ada37ebf54c87bbcb2186e4ee53acd86aafbe17d5f1aed6cb91e124348cd56f2e9cbefb41
SSDEEP

49152:0lJb2b5t/I61/EF3uhGKqN81L4XoXpd9MG8oe2KtBMsuVqpyhlqduf:wuH/7xs3vJ81LooZ+tBM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28
PID 2632 wrote to memory of 2860	2632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd7ccc4b6d45048581585d50a4aaa570be538035a7dcd2ad11aa7893804d4205.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd7ccc4b6d45048581585d50a4aaa570be538035a7dcd2ad11aa7893804d4205.dll,#1
  2⤵
  PID:2860

memory/2860-0-0x0000000074ED0000-0x000000007535C000-memory.dmp

Filesize
4.5MB

Download
memory/2860-1-0x0000000074ED0000-0x000000007535C000-memory.dmp

Filesize
4.5MB

Download
memory/2860-2-0x0000000074A40000-0x0000000074ECC000-memory.dmp

Filesize
4.5MB

Download
memory/2860-3-0x0000000074A40000-0x0000000074ECC000-memory.dmp

Filesize
4.5MB

Download