cc090f93f7286427eb4bbf95afd1a52282453b3462d50940cdc2681535e26c62

Analysis

max time kernel
140s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 02:37

Target

cc090f93f7286427eb4bbf95afd1a52282453b3462d50940cdc2681535e26c62.dll
Size

264KB
MD5

92925473f0afc4cc403e8f00e20dca40
SHA1

eb20c022ca5a32a69aaf25d060425e23ccba15e3
SHA256

cc090f93f7286427eb4bbf95afd1a52282453b3462d50940cdc2681535e26c62
SHA512

d43c8caf088356f75e5931faa2fa185417c904404edbe30b8afe0cc139a18cc1a4b54afd10636176108d322932f268d41fbcc0e420c0df97b27ee586c34031ee
SSDEEP

6144:WyKT9XElwwc26v0ufAx7GF/1L2PgzZjNGcdKI3G:tKOlwwcrTYBGtYgzZxGcO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4984	5076	rundll32.exe	80
PID 5076 wrote to memory of 4984	5076	rundll32.exe	80
PID 5076 wrote to memory of 4984	5076	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc090f93f7286427eb4bbf95afd1a52282453b3462d50940cdc2681535e26c62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc090f93f7286427eb4bbf95afd1a52282453b3462d50940cdc2681535e26c62.dll,#1
  2⤵
  PID:4984

memory/4984-136-0x0000000010000000-0x0000000010042000-memory.dmp

Filesize
264KB

Download