cfa30c83ff7ccd566e91a75d2827ab4ba8198a0b3d4ac8861fa5fae9ec62bf0d

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 01:08

Target

cfa30c83ff7ccd566e91a75d2827ab4ba8198a0b3d4ac8861fa5fae9ec62bf0d.dll
Size

7KB
MD5

53ffd28a3a3d9766e66a0b2d4ea7c5e1
SHA1

3b23fe2a4099a5d67ecd12329b890745bed86d3a
SHA256

cfa30c83ff7ccd566e91a75d2827ab4ba8198a0b3d4ac8861fa5fae9ec62bf0d
SHA512

edf0b7dba596cf68e7103fb1cad062f8b1a3a7026c18f745e434cc69b71256addf7006fd1d4e95ed389822f1cc0529cd1417680b2cb96aa3a7b5372435900cb7
SSDEEP

48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWwbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPGq3qX5S2hV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28
PID 2080 wrote to memory of 1956	2080	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfa30c83ff7ccd566e91a75d2827ab4ba8198a0b3d4ac8861fa5fae9ec62bf0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfa30c83ff7ccd566e91a75d2827ab4ba8198a0b3d4ac8861fa5fae9ec62bf0d.dll,#1
  2⤵
  PID:1956