cc3ba6c53c74e1f890e10464217080da594509a8a490785706df617dcb664a3c

Analysis

max time kernel
138s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 06:38

Target

cc3ba6c53c74e1f890e10464217080da594509a8a490785706df617dcb664a3c.dll
Size

9KB
MD5

11e7410021be768e87238389c98b4ce8
SHA1

bc660cdc09df4ebfb288155438427a9c9adc23fa
SHA256

cc3ba6c53c74e1f890e10464217080da594509a8a490785706df617dcb664a3c
SHA512

1d4234315c5a74cbdbea97c3b3ec11520dd385a6110023564f05819b92ff3c664068fb2afd53a57e847cd3d7b41bd8fb04ca522ab1b4b31004aedfc99f36262c
SSDEEP

192:Dw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w96:ddHad/N20IypWak8dWiWak8EdW9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 5028	380	rundll32.exe	81
PID 380 wrote to memory of 5028	380	rundll32.exe	81
PID 380 wrote to memory of 5028	380	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc3ba6c53c74e1f890e10464217080da594509a8a490785706df617dcb664a3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc3ba6c53c74e1f890e10464217080da594509a8a490785706df617dcb664a3c.dll,#1
  2⤵
  PID:5028

memory/5028-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download