cf112faeb43d8c9a9d2e1219a13d84e453194ff8f0c5fbd81288bd3e1e9759e5

Analysis

max time kernel
153s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 07:40

Target

cf112faeb43d8c9a9d2e1219a13d84e453194ff8f0c5fbd81288bd3e1e9759e5.dll
Size

81KB
MD5

33f4a4e9569b5ece7d7961128e0776ec
SHA1

22e8192cdb8f1bf0dfdbbce74e852b84f56fbc34
SHA256

cf112faeb43d8c9a9d2e1219a13d84e453194ff8f0c5fbd81288bd3e1e9759e5
SHA512

ae72e60039f04d64aeac2ef27d838768bff8e8dda948bb00cf3c3cab76251a82d935ec974e7ebf5f49cf67513b027df2e775caad122ba195fb184cf553de0278
SSDEEP

1536:2moLIIWdNE9jv4LsBgIAOl330mheNBpDXkR:f2RWdNEp4Ls2hQ33cBxA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 4512	4744	rundll32.exe	82
PID 4744 wrote to memory of 4512	4744	rundll32.exe	82
PID 4744 wrote to memory of 4512	4744	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf112faeb43d8c9a9d2e1219a13d84e453194ff8f0c5fbd81288bd3e1e9759e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf112faeb43d8c9a9d2e1219a13d84e453194ff8f0c5fbd81288bd3e1e9759e5.dll,#1
  2⤵
  PID:4512