3c5b28e0f91d830ece9283ea2ab9eb819d1a4871e9e3155cad05e48120b0469c

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 13:45

Target

3c5b28e0f91d830ece9283ea2ab9eb819d1a4871e9e3155cad05e48120b0469c.dll
Size

62KB
MD5

7c4035d2c797826b0f6c0a0e4ae6054d
SHA1

3ec343bff8843f1350309a9e122d39ec1f9977e1
SHA256

3c5b28e0f91d830ece9283ea2ab9eb819d1a4871e9e3155cad05e48120b0469c
SHA512

4fd45072a9a528a90ac7a0d430a66b776c9f3fecbf84015c020500d54cd14747af7e0565581f7e42343910e39a515ab8bdd3d57d7befa429ab303ab351ab4cb6
SSDEEP

1536:ANUC5ikC+cursqXAe+e1Sg2V7IOjCbXRd77YT6/gshgDSz5PL3j/7O:AWC5iGzrsKAeWvCfp/gJSz5PL3j/7O

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 3652	4588	rundll32.exe	24
PID 4588 wrote to memory of 3652	4588	rundll32.exe	24
PID 4588 wrote to memory of 3652	4588	rundll32.exe	24

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c5b28e0f91d830ece9283ea2ab9eb819d1a4871e9e3155cad05e48120b0469c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c5b28e0f91d830ece9283ea2ab9eb819d1a4871e9e3155cad05e48120b0469c.dll,#1
  2⤵
  PID:3652