0cc23f861831cf2bbaf1c622fa9cafa894e20402800bcb7fa53469adb8d7850c

Analysis

max time kernel
112s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 16:45

Target

0cc23f861831cf2bbaf1c622fa9cafa894e20402800bcb7fa53469adb8d7850c.dll
Size

48KB
MD5

696589fabc596dc312d217e60a8c622b
SHA1

b46c7a75bade6d9f515913f89e442e3ac4246b4c
SHA256

0cc23f861831cf2bbaf1c622fa9cafa894e20402800bcb7fa53469adb8d7850c
SHA512

5659912edb37d174ddc81930e7574aa87cce1809ba8c154a0bf84b05c132ddd79d18b25a0845070fc7e825580c2e03f32f467bf253f767fcd6867f475e5653dc
SSDEEP

768:CwgPOpmn8XwDRNVpnczN+WYlPwZMySSXo9a88:aOpmnPryWPwZjbo85

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 4012	636	rundll32.exe	55
PID 636 wrote to memory of 4012	636	rundll32.exe	55
PID 636 wrote to memory of 4012	636	rundll32.exe	55

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc23f861831cf2bbaf1c622fa9cafa894e20402800bcb7fa53469adb8d7850c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cc23f861831cf2bbaf1c622fa9cafa894e20402800bcb7fa53469adb8d7850c.dll,#1
  2⤵
  PID:4012

memory/4012-133-0x0000000002860000-0x0000000002936000-memory.dmp

Filesize
856KB

Download