5c2855da8d694e62afafddf536f891b6c0224f8be1e6339fe230b5d497cc6b62

Analysis

max time kernel
92s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 23:34

Target

5c2855da8d694e62afafddf536f891b6c0224f8be1e6339fe230b5d497cc6b62.dll
Size

32KB
MD5

239721cf58d8a1264cfad2c61f6d03e9
SHA1

0af19f2d8aad4308e9edb2316658e34b73fe8d99
SHA256

5c2855da8d694e62afafddf536f891b6c0224f8be1e6339fe230b5d497cc6b62
SHA512

8906266e8915aeb64a7c6e91b9d7bcee727d20c20d525582c257851544f6f67adfc9dee4557ab03cf52d7c059a941f2d470417a7f3ef59b4a69bd5e5bbdb4284
SSDEEP

768:i7FFX0ogrmCSc19EkWQ75MM+li34iDzhqDFRWFT8:i7F1gr0c19d75MVlhCkxRWFg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 4064	4364	rundll32.exe	78
PID 4364 wrote to memory of 4064	4364	rundll32.exe	78
PID 4364 wrote to memory of 4064	4364	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c2855da8d694e62afafddf536f891b6c0224f8be1e6339fe230b5d497cc6b62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c2855da8d694e62afafddf536f891b6c0224f8be1e6339fe230b5d497cc6b62.dll,#1
  2⤵
  PID:4064