cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 03:03

Target

cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll
Size

317KB
MD5

f5ad507b38954e1accd0facf2f0b1301
SHA1

fb5c121189bab7b4663ba0bac7167e7690a6263a
SHA256

cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf
SHA512

d67169aa881c43f0e4e37b833210236e2f325c892142e7bf480ada6e09efb467b0b89613c51e1153b3173fee022d33971cba11db4896d9bb3d55025ad363f345
SSDEEP

6144:zmWoza0a1IMVVEb3uqRpwIUV9lMYmFQqZRRphLuVucfb8ehbjN8wS21bKRTw4f3x:zmWQa0a1IMVr9eMqbRzLuVucfb8ehbjH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28
PID 3000 wrote to memory of 2212	3000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll,#1
  2⤵
  PID:2212