cce3e92ed63a5ffd0c5777773e476731c3e1577510924393333c05a6b2469cb9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 07:53

Target

38cc4e892814cbde8c5acd553bdc3ac0N.dll
Size

134KB
MD5

38cc4e892814cbde8c5acd553bdc3ac0
SHA1

b5ddf6e67053c2984374b3a203366aa04d8ce1e8
SHA256

cce3e92ed63a5ffd0c5777773e476731c3e1577510924393333c05a6b2469cb9
SHA512

19c5d670b5316bec5724339e6586bea1bc13ed7302dc202fbae98d6136ca41ea737c0bee5d85958790862da8d52a1339dac29489936ac943dab6ea7c80ec0f46
SSDEEP

3072:B9tzSPehapWKG8Vb/VM16d8XrjnBXo5qUHaK+1tJnIH+DxYj5vS/I:nhSS8VbLe46KKIHfQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30
PID 2972 wrote to memory of 2980	2972	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38cc4e892814cbde8c5acd553bdc3ac0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38cc4e892814cbde8c5acd553bdc3ac0N.dll,#1
  2⤵
  PID:2980