c9c5c6a55828c640bd016c236a4370cf8f6eb5507e51e5146b188c2f7700bab8

Analysis

max time kernel
188s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 07:41

Target

c9c5c6a55828c640bd016c236a4370cf8f6eb5507e51e5146b188c2f7700bab8.dll
Size

224KB
MD5

a2d99b810559147c242735435b2adad0
SHA1

2a66975663f5d2322cee97c5898c74f656fd1c25
SHA256

c9c5c6a55828c640bd016c236a4370cf8f6eb5507e51e5146b188c2f7700bab8
SHA512

d806930b5e7cf3a713384f2320d2b7b36862ff133a6243434a396d301cfa6221227d6e47be8b112c59838ec022c9b5734268d5925b5f8098f47e1981442b7214
SSDEEP

3072:jiZ2ETTGxb6TadkSDs2uz/F/Re0ORmh9PEApozpRG9bY0Oa64IeV1:klOZJdXsJDh5oLG1Y1a64IC1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 1152	4368	rundll32.exe	83
PID 4368 wrote to memory of 1152	4368	rundll32.exe	83
PID 4368 wrote to memory of 1152	4368	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9c5c6a55828c640bd016c236a4370cf8f6eb5507e51e5146b188c2f7700bab8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9c5c6a55828c640bd016c236a4370cf8f6eb5507e51e5146b188c2f7700bab8.dll,#1
  2⤵
  PID:1152

memory/1152-133-0x0000000067600000-0x0000000067638000-memory.dmp

Filesize
224KB

Download