2c01c0dc3613f4ec5e1347cb3db5452d90e1124cbf10fcc6142ac34613c59cba

Analysis

max time kernel
160s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:03

Target

2c01c0dc3613f4ec5e1347cb3db5452d90e1124cbf10fcc6142ac34613c59cba.dll
Size

840KB
MD5

73b754c8d398020ecb4247d8a08731d0
SHA1

8738095b5aa8ef83cf99f83d80e3910f4b1392bd
SHA256

2c01c0dc3613f4ec5e1347cb3db5452d90e1124cbf10fcc6142ac34613c59cba
SHA512

477a923091f148a512768c3264fa65b41a13b2e270c5b0e14e15093dd035647d4b8d1225ec19483c63eca97dbf58b94b146b078fbb30ad54e0859f55c3ea5967
SSDEEP

24576:W62ckLifPV5/EGrsWZqR3qbc09Fh8ThdS1r+zM:rN5HsWk6bc09F0O

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 420	3140	rundll32.exe	79
PID 3140 wrote to memory of 420	3140	rundll32.exe	79
PID 3140 wrote to memory of 420	3140	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c01c0dc3613f4ec5e1347cb3db5452d90e1124cbf10fcc6142ac34613c59cba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c01c0dc3613f4ec5e1347cb3db5452d90e1124cbf10fcc6142ac34613c59cba.dll,#1
  2⤵
  PID:420

memory/420-133-0x00000000021E0000-0x00000000022BA000-memory.dmp

Filesize
872KB

Download
memory/420-134-0x00000000021E0000-0x00000000022BA000-memory.dmp

Filesize
872KB

Download