cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb

Analysis

max time kernel
155s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 15:35

Target

cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb.dll
Size

640KB
MD5

4d03ca609e68f4c90cf66515218017f8
SHA1

545e440940073d5ec49d47fefd421730f8b33efb
SHA256

cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb
SHA512

1b52d09f94bd37850d098ae7222e85e16a4f6df14cfdfc28526cd98b81fb009865fa75774ee4feaa2e5d5861bea27759fe4fb979c902f8ea60afa8c3e1f723fe
SSDEEP

12288:1hr4UCeeHTA80gIZ4BgmOEGVN9vtI0E5uO9FAOu8axPFmRyy6aE:5e2g5gmO791I0E5uO9FAN9mRyyzE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 552	4856	rundll32.exe	80
PID 4856 wrote to memory of 552	4856	rundll32.exe	80
PID 4856 wrote to memory of 552	4856	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb.dll,#1
  2⤵
  PID:552