cb21f269028b63fb8c1be2c66ed5e3029967078167a31531fc8106d3cba1664e

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:40

Target

cb21f269028b63fb8c1be2c66ed5e3029967078167a31531fc8106d3cba1664e.dll
Size

79KB
MD5

01c021c4d093386ab88e719756c105f0
SHA1

45a4231c3f014152bc942a1a66d0106cd3569b61
SHA256

cb21f269028b63fb8c1be2c66ed5e3029967078167a31531fc8106d3cba1664e
SHA512

f563f5ae31f48bcfc5f1e03fc933c3117aaf5f9c67e3ca25b4da45cb62298ed2400540e5390abdfc142747a505d597858581eb9da8c5511e8fb0efbd8dc5f1d1
SSDEEP

1536:yl3E0T4M6rBMhzUif6l5k5Gg7OIqHapaIF/Z6wlMPSchXwhokQ:E398M6rBM/f645F1Uox6CM5Iu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 5072	5036	rundll32.exe	82
PID 5036 wrote to memory of 5072	5036	rundll32.exe	82
PID 5036 wrote to memory of 5072	5036	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb21f269028b63fb8c1be2c66ed5e3029967078167a31531fc8106d3cba1664e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb21f269028b63fb8c1be2c66ed5e3029967078167a31531fc8106d3cba1664e.dll,#1
  2⤵
  PID:5072