dcfcd7051acdedce1216f64cc79cfe1a0583bd13a0c92a4c75269b2a24a73fed

Analysis

max time kernel
178s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 02:43

Target

dcfcd7051acdedce1216f64cc79cfe1a0583bd13a0c92a4c75269b2a24a73fed.dll
Size

72KB
MD5

a7a310b28a18377758488b5cefec921b
SHA1

2b2979b4da310a6c91e2688e92df233e02f40faf
SHA256

dcfcd7051acdedce1216f64cc79cfe1a0583bd13a0c92a4c75269b2a24a73fed
SHA512

c334fc759bd4a64ea55c88a2ef1589f4fb1c620b0e63bab85af1333801546a6c416aa988deb60afacccbf41f5d2616dbd3abd34ede3999b6d4c1d1ed774c8abb
SSDEEP

1536:E4ZU1fwBRDeppgNEtN495qOt0m2oOJrAZ7m:+S3MpgqtK9cOZ2oOJrAZ7m

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 2436	4956	rundll32.exe	79
PID 4956 wrote to memory of 2436	4956	rundll32.exe	79
PID 4956 wrote to memory of 2436	4956	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcfcd7051acdedce1216f64cc79cfe1a0583bd13a0c92a4c75269b2a24a73fed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcfcd7051acdedce1216f64cc79cfe1a0583bd13a0c92a4c75269b2a24a73fed.dll,#1
  2⤵
  PID:2436