c2f36dc1ff1e940caaf867e68b2def157564f44edd517d16dee402050fc8517b

Analysis

max time kernel
179s
max time network
226s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 18:13

Target

c2f36dc1ff1e940caaf867e68b2def157564f44edd517d16dee402050fc8517b.dll
Size

25KB
MD5

64cac256b2021130fb751a2fa7c0918c
SHA1

55fbda5891b25831e96345727912bd05ec58b3e4
SHA256

c2f36dc1ff1e940caaf867e68b2def157564f44edd517d16dee402050fc8517b
SHA512

c6c6b0a4019490b0942b8ee6d1ef7df1162b181fd1b25a1bcfc620e37262ec9e584de0a2ef860fd76dc76bfaeb04bc21ad98e09bab2058e144f199664bcfb1b6
SSDEEP

384:NGhNz35E7duta+fGGq77nRrFglQWY6awzjRcsr1:NGfz3u7duta+Rq7lrFGQZ6hzjRT1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 4856	1868	rundll32.exe	81
PID 1868 wrote to memory of 4856	1868	rundll32.exe	81
PID 1868 wrote to memory of 4856	1868	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2f36dc1ff1e940caaf867e68b2def157564f44edd517d16dee402050fc8517b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2f36dc1ff1e940caaf867e68b2def157564f44edd517d16dee402050fc8517b.dll,#1
  2⤵
  PID:4856