0cfd7e9b7c6bf8e5005539ffde7ae35fd4825ca730024d761d7ab416f9c167cc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 18:36

Target

0cfd7e9b7c6bf8e5005539ffde7ae35fd4825ca730024d761d7ab416f9c167cc.dll
Size

81KB
MD5

d4cff48856e024690609ccf9be0a8880
SHA1

be12d92c25026caf42c4837c90aa68e816f15225
SHA256

0cfd7e9b7c6bf8e5005539ffde7ae35fd4825ca730024d761d7ab416f9c167cc
SHA512

8ccd8eaaf4f5687d7fddfcd397d3146bf88ce94a952d752e778cf2019a694d0307bacaa0c6157ffe6c41fb3668d2ed3317a699330ad515630b12c7ba9b17897e
SSDEEP

1536:stByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WT:s4v4JKXTx71w0ArSsXF3enq8WT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28
PID 2820 wrote to memory of 1732	2820	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cfd7e9b7c6bf8e5005539ffde7ae35fd4825ca730024d761d7ab416f9c167cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cfd7e9b7c6bf8e5005539ffde7ae35fd4825ca730024d761d7ab416f9c167cc.dll,#1
  2⤵
  PID:1732