cbb05d3090c7cfe84b3d37fb4ebea5b73f02a0bdb07350381344c8771fb5f5a5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 02:48

Target

cbb05d3090c7cfe84b3d37fb4ebea5b73f02a0bdb07350381344c8771fb5f5a5.dll
Size

327KB
MD5

b8a872fbf8259452a734967377d642e2
SHA1

dfa595e15f9bf601e5bb64921b758e5f94e7ea54
SHA256

cbb05d3090c7cfe84b3d37fb4ebea5b73f02a0bdb07350381344c8771fb5f5a5
SHA512

47c1559719338279bb55b2628379b8340156f5398029700d7b311f87c8934517b7bcdf3a0f325cf2a14f0605ec98251c88236d6ca2e77b1e6892cf745a8294d7
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28
PID 1916 wrote to memory of 2428	1916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbb05d3090c7cfe84b3d37fb4ebea5b73f02a0bdb07350381344c8771fb5f5a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbb05d3090c7cfe84b3d37fb4ebea5b73f02a0bdb07350381344c8771fb5f5a5.dll,#1
  2⤵
  PID:2428