cab837db7f019fd132d365140d196356c44f1a7dbea0813fc01c0802d5fdc4cf

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 10:54

Target

cab837db7f019fd132d365140d196356c44f1a7dbea0813fc01c0802d5fdc4cf.dll
Size

120KB
MD5

80e83d26a40bd613792dceac8448fe15
SHA1

60bb7cb0fcfcafa5354454a93e751fde0b6d6794
SHA256

cab837db7f019fd132d365140d196356c44f1a7dbea0813fc01c0802d5fdc4cf
SHA512

82042a242b5a7e7ff4265cd8c0c2d99f662b4fa8d9457893ea25b153f332ea20730d6d512ce3743dc578b8c2567cfd29711a2c6e9b3010d3143fc2914c41829d
SSDEEP

1536:ZmKYesyjKPvfaNt4lu7PhfFYmsQsOHTkPE0gjvicf9AbjadkpzLxC:ZmKYVemfaNtvPhOxPE0G9f0j4kpng

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 1952	4240	rundll32.exe	83
PID 4240 wrote to memory of 1952	4240	rundll32.exe	83
PID 4240 wrote to memory of 1952	4240	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cab837db7f019fd132d365140d196356c44f1a7dbea0813fc01c0802d5fdc4cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cab837db7f019fd132d365140d196356c44f1a7dbea0813fc01c0802d5fdc4cf.dll,#1
  2⤵
  PID:1952