5c7a83b94685d9f9dfa290cbd215d3303f13d2e1d3fa4b857bd78ed71eb3b5f5

Analysis

max time kernel
99s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 04:57

Target

5c7a83b94685d9f9dfa290cbd215d3303f13d2e1d3fa4b857bd78ed71eb3b5f5.dll
Size

7KB
MD5

4777180ae5ee4ecce076f6a9767d12f0
SHA1

37d18666c3b360461fc1b5bc9cb293544ba876ab
SHA256

5c7a83b94685d9f9dfa290cbd215d3303f13d2e1d3fa4b857bd78ed71eb3b5f5
SHA512

64fa7f5e123a01eec18e679539bbc5796ff577cce8e077186fb50b6ee4788f7dbc3fec70b6bd8e5cde0939b4a755f4f25d1a33ff93711d1208915b45563ba220
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIZOuxcQAthGonrINJpQecAaS2ErCPQO:unSR6bgYaO866vQd9vErCPQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 3040	4780	rundll32.exe	79
PID 4780 wrote to memory of 3040	4780	rundll32.exe	79
PID 4780 wrote to memory of 3040	4780	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c7a83b94685d9f9dfa290cbd215d3303f13d2e1d3fa4b857bd78ed71eb3b5f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c7a83b94685d9f9dfa290cbd215d3303f13d2e1d3fa4b857bd78ed71eb3b5f5.dll,#1
  2⤵
  PID:3040