949f8d17e9e2e632e8d0f1e7f47327300a5c2e8d937eccf15f5b78a4fc882e35

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 08:27

Target

CabDLL.dll
Size

28KB
MD5

a4c07c7c2328612f32465ed4350fc6b1
SHA1

578e751f602ed19336406e85e59fdc807e8e5e47
SHA256

1fb5fd45067a68ca5cd7428ff2ac81cb5b090ee48383e3ab771d89d08eb10332
SHA512

24990ceb668f03410ee62fcf47cfae57a0c5cd1dc09308f8b839c9bcb3ae20c332fdd9ab4a1e63996035b2c835a2aba07b1a38d5a94a47f4432d2c781d711283
SSDEEP

192:hRpioDMVr1UNKPpQUnShF0bvJUu0xeKSSBJOt74msjmzO87yPNv77777xYYYYYYq:hRpwzKdhqbvSXI2mrX+PvYYYYYYGL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2440	1836	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CabDLL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CabDLL.dll,#1
2⤵
PID:2440