dfc9ec43723a19adaa3ebce1fd40721dbd0e1997beebd6e441cd7a9739e788ee

Analysis

max time kernel
212s
max time network
234s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:40

Target

dfc9ec43723a19adaa3ebce1fd40721dbd0e1997beebd6e441cd7a9739e788ee.dll
Size

59KB
MD5

ff4d08afc5557138860c2324fd0ad130
SHA1

d664038c36d8e27c56981f92fa9f21ab4f09f3d5
SHA256

dfc9ec43723a19adaa3ebce1fd40721dbd0e1997beebd6e441cd7a9739e788ee
SHA512

6822bb34429402cf3521331f88265fd57e6225c81ca87f25c131a45f6cbf9dbbb00c0b5f021f8e30d9c576fef3e5a39d131f8c25b7cd45e4495d3246e1da6d04
SSDEEP

768:KsZIlOe1SCkLOk+ZWXcqndjkIDp+XLl6vQVSTDgDNQpKYi7hqoDl+PvJubvqbk7+:jZIcCxRKtkCaLlrVSTJi0s+0bvqwq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 2436	4432	rundll32.exe	70
PID 4432 wrote to memory of 2436	4432	rundll32.exe	70
PID 4432 wrote to memory of 2436	4432	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfc9ec43723a19adaa3ebce1fd40721dbd0e1997beebd6e441cd7a9739e788ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfc9ec43723a19adaa3ebce1fd40721dbd0e1997beebd6e441cd7a9739e788ee.dll,#1
  2⤵
  PID:2436