cd0e4c604fa591cddf8c9414af4c2f58dd1f4bde47b65c6936752ca9a1b73d55

Analysis

max time kernel
139s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 13:31

Target

cd0e4c604fa591cddf8c9414af4c2f58dd1f4bde47b65c6936752ca9a1b73d55.dll
Size

335KB
MD5

6bd6b371a226f30ce54ce0c7b96ae700
SHA1

94e84a1cd86600e976c7c24f219ff85c7f8daeb8
SHA256

cd0e4c604fa591cddf8c9414af4c2f58dd1f4bde47b65c6936752ca9a1b73d55
SHA512

acfa47538ae15a77dea27d278e725e480d232c9bd8725e09ed1068ba79de9bb72fe8cce66c54b1ef07cb0694bf8aefb0c8cc068d067cd3cf7a7f0c72e75d0106
SSDEEP

6144:wVcF89s6nT4VdaNIpYU2G/nSck3Q/TyPxn4Rl2rfvpAxaETBTMab44m:wmF89smGENIp5dfSck3mTYxumfvOxaE4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 4844	3972	rundll32.exe	83
PID 3972 wrote to memory of 4844	3972	rundll32.exe	83
PID 3972 wrote to memory of 4844	3972	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd0e4c604fa591cddf8c9414af4c2f58dd1f4bde47b65c6936752ca9a1b73d55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd0e4c604fa591cddf8c9414af4c2f58dd1f4bde47b65c6936752ca9a1b73d55.dll,#1
  2⤵
  PID:4844