f6b65049c4e2ef992aeec5122657cfe6c851cd8ffae46209632ab77ac3cffe3c

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 13:41

Target

cee04e3f2e10a339129940e0e5871d60N.dll
Size

6KB
MD5

cee04e3f2e10a339129940e0e5871d60
SHA1

fdf8f506f753e4ce64fbbfeb3e9c00480bcf0a82
SHA256

f6b65049c4e2ef992aeec5122657cfe6c851cd8ffae46209632ab77ac3cffe3c
SHA512

dae55866a40dc4fc065f617ece59761a9264c60ca5df52ef295dad0709ca68863838abce614ee6e630d36e62840709edc9495762ee0367fcdb9df39cf6ad5f92
SSDEEP

96:hy859x0P8Mak//dF3CWZ52xw0WadF5Y6V3ntAy89dn1yYf2A0sukFEr2:F5oLZ33CWZ/5Cf3nuyM51R0jkE2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29
PID 2972 wrote to memory of 2912	2972	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cee04e3f2e10a339129940e0e5871d60N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cee04e3f2e10a339129940e0e5871d60N.dll,#1
  2⤵
  PID:2912