ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b

Analysis

max time kernel
70s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 15:58

Target

ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b.dll
Size

105KB
MD5

a0e960dd660ecceb19c6b3c81bfd6322
SHA1

918f50d1ca6064f3e5502ced4f7020048cfbf4ac
SHA256

ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b
SHA512

b4f3beb46c231bd01bc2575ad5b4c0e8bad841a3394582c2e6fcdc830370bde75294238b6746665523b3f0bafcbab5bced168a142a08e38548c96e01172f6110
SSDEEP

3072:f2RWdNEp4Ls217vZRd3hq4clTXHa60clS:f2RWdNEqgKR73hlWTXV0r

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4880	4828	rundll32.exe	81
PID 4828 wrote to memory of 4880	4828	rundll32.exe	81
PID 4828 wrote to memory of 4880	4828	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccc2ace407b3dccce355be00b523fb7bdc83c7f71788d8f92df5218723e0dc6b.dll,#1
  2⤵
  PID:4880

memory/4880-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download