5cffd49f27d31b903afec2bba3961b4bd967f29acede0bda2630bfbf72220ebe

Analysis

max time kernel
167s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 10:55

Target

5cffd49f27d31b903afec2bba3961b4bd967f29acede0bda2630bfbf72220ebe.dll
Size

71KB
MD5

cd883950b6846b08f3828ddc3e971f0d
SHA1

e7dc27705df09809e072be72d71821330cb50175
SHA256

5cffd49f27d31b903afec2bba3961b4bd967f29acede0bda2630bfbf72220ebe
SHA512

abee8d7a2e6335d1009765ea5317127aae3f28488a70f220ef5e2b0c16aceb814517ad5ed1cc8cf5cd2cd0321493338337bce6eb219f45c60dd6fa9ecab09a90
SSDEEP

1536:PO+BAmzP2RR4r0oZ/dejiI+B6UPpA216k4ctzSCenuAH:Jnm4gWC+wG5ovcF9en

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 2932	4592	rundll32.exe	82
PID 4592 wrote to memory of 2932	4592	rundll32.exe	82
PID 4592 wrote to memory of 2932	4592	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cffd49f27d31b903afec2bba3961b4bd967f29acede0bda2630bfbf72220ebe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cffd49f27d31b903afec2bba3961b4bd967f29acede0bda2630bfbf72220ebe.dll,#1
  2⤵
  PID:2932

memory/2932-134-0x0000000001FE0000-0x0000000002005000-memory.dmp

Filesize
148KB

Download
memory/2932-133-0x0000000001FB0000-0x0000000001FD5000-memory.dmp

Filesize
148KB

Download