ee0cc6dfd1147e50e8b9e75a65babc09115b242199e884019ddd7d9bcfb6c670

Analysis

max time kernel
150s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:12

Target

ee0cc6dfd1147e50e8b9e75a65babc09115b242199e884019ddd7d9bcfb6c670.dll
Size

195KB
MD5

cb12cdfbc038c0a5756f0cd2244069e0
SHA1

1b480bb3a9e73a4c1aab8f8a5ca5e1910abe44fd
SHA256

ee0cc6dfd1147e50e8b9e75a65babc09115b242199e884019ddd7d9bcfb6c670
SHA512

b5b6618d16a09f5593df705ffd2137bad00b8dfc6d4014519ad6f57129907908dd7cbff1d6780531283803e70f17c85c2e1038ff82d0c204e0ce95072445127d
SSDEEP

6144:MIJDXDgvd7p9iGS880k3Yf1MD1QlENYvp2KAJ:MI617p9iF83nt4mlENHK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4940 wrote to memory of 1532	4940	rundll32.exe	rundll32.exe
PID 4940 wrote to memory of 1532	4940	rundll32.exe	rundll32.exe
PID 4940 wrote to memory of 1532	4940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee0cc6dfd1147e50e8b9e75a65babc09115b242199e884019ddd7d9bcfb6c670.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee0cc6dfd1147e50e8b9e75a65babc09115b242199e884019ddd7d9bcfb6c670.dll,#1
2⤵
PID:1532