236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152

Analysis

max time kernel
112s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 19:01

Target

236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152.exe
Size

36KB
MD5

84f973b640976fb36c59112245f35c3c
SHA1

b984e66b39952e771e6f1037e9d2bdc4c63e6c2f
SHA256

236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152
SHA512

de20bf37bad5b23f5d1f1617873b0d78ccb259805c5915382fc9d7bcdd4061e4ac2611536cf0a5220cb968f4445d8cba1b4ad1e7943f4b395f4a4494510ec316
SSDEEP

384:cHP1qaBKxCd7PpLjzKb29lKDYyKsez8/th:cHPdBKYXx48zso8/th

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 1680	4828	236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152.exe	83
PID 4828 wrote to memory of 1680	4828	236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152.exe	83
PID 4828 wrote to memory of 1680	4828	236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152.exe	83

C:\Users\Admin\AppData\Local\Temp\236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152.exe
"C:\Users\Admin\AppData\Local\Temp\236c16c6419e33386d6b830d4b01f0af853b13e0db9f8bc203d8f41c81ea5152.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\windows\system32\ffdwllvdcb.sd,mymain
  2⤵
  PID:1680