cfdef525a53b19b8e22c64fc6e57c17db9341b98dd8629ceac54b202b838a705

Analysis

max time kernel
154s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 06:34

Target

cfdef525a53b19b8e22c64fc6e57c17db9341b98dd8629ceac54b202b838a705.dll
Size

132KB
MD5

74b70389581aef65db886e319e0e9199
SHA1

cc2bd177b2dd624cee43beb51fe97c3aac8d6644
SHA256

cfdef525a53b19b8e22c64fc6e57c17db9341b98dd8629ceac54b202b838a705
SHA512

168b71de372be050722ff62462b3bcb84a3f191f1d5abdad52ff4d5d656c9807724532eb8de0232fcc7edef801961dab18a37ac1303d5a9a94196efd1cb9979d
SSDEEP

3072:8W13vPdMapbPKlKZjAC2fIJWJJCaGxgzQkzR8WVi4zm3d20SYh:XPMQMsEkaGSlzyW3m3d23K

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 872	4512	rundll32.exe	80
PID 4512 wrote to memory of 872	4512	rundll32.exe	80
PID 4512 wrote to memory of 872	4512	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfdef525a53b19b8e22c64fc6e57c17db9341b98dd8629ceac54b202b838a705.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfdef525a53b19b8e22c64fc6e57c17db9341b98dd8629ceac54b202b838a705.dll,#1
  2⤵
  PID:872

memory/872-132-0x0000000000000000-mapping.dmp

Download
memory/872-133-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/872-134-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/872-137-0x0000000001651000-0x000000000165F000-memory.dmp

Filesize
56KB

Download