cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 08:14

Target

cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll
Size

160KB
MD5

8b84a58287d60c2b04af308791c22bf8
SHA1

dd2eb9dfa9130f1126b3a8c5c309178ab73b0848
SHA256

cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71
SHA512

2f7f193c2c42cf915e2f83a583668b5f2dbfef40cf4ce47f608a3645b3b597f8d916b01b2d230bd0ccc377b34766daed1903bc029b91351191e865fd258ff3c5
SSDEEP

3072:I02rPPBHaDJRCP5otSUrUXk4bAtcryyYbQ0ngzJKYF5Q:wrPPyJgPuU3bAZFn8F5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe
PID 1280 wrote to memory of 1288	1280	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1280

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll,#1
2⤵
PID:1288