cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463

Analysis

max time kernel
58s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 02:19

Target

cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463.dll
Size

108KB
MD5

52b4480de6f4d4f32fba2b535941c284
SHA1

4f63c0054ee983734ae9bf8f4e9aa0383748de8f
SHA256

cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463
SHA512

48cb6b38aaf71c984acc7f18c89c6787762b2219461d158929f9f9056b604e36dfb5ada3f55867c6f8099fdde3a79c89ae7cbeb6d673908bc9489386587e94b9
SSDEEP

3072:an697qlalkDnoT0N93qznrXjtjEvgWOtlJM0fv62:VqlalkrtcjrXpjag5tj/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2272 wrote to memory of 1180	2272	rundll32.exe	rundll32.exe
PID 2272 wrote to memory of 1180	2272	rundll32.exe	rundll32.exe
PID 2272 wrote to memory of 1180	2272	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cee13db72b58d980778380b7382a4c3fe976ed2462fd21386e1d11a4e6669463.dll,#1
  2⤵
  PID:1180