4cc3fe7d6501270ac81b752dee38b5a08d248f36e3a848b446be0c68e612c2c8

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:01

Target

4cc3fe7d6501270ac81b752dee38b5a08d248f36e3a848b446be0c68e612c2c8.dll
Size

74KB
MD5

5d34deed256c8301c3cc261f6a06d4e0
SHA1

145b9ff1e3548d7a64936fac7944d0a944b11192
SHA256

4cc3fe7d6501270ac81b752dee38b5a08d248f36e3a848b446be0c68e612c2c8
SHA512

6bd4d5d3f98de2bfc3c18f4891883c6b0b564e84f22396facaee44919c6e96f81443b7db82b1bbc0f3fe1e4c87addfa7da5ca1d1fa049917cc8e6bf6ebe7c5fb
SSDEEP

1536:HKvv9jeCw6l9n+Eu2fdLqAqG6BZT7gOK3peJ4gzeauETGmTNSogTRyVC9f:TSHu2FeKaXK5eJ4rauqDJhU39

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 4344	616	rundll32.exe	80
PID 616 wrote to memory of 4344	616	rundll32.exe	80
PID 616 wrote to memory of 4344	616	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cc3fe7d6501270ac81b752dee38b5a08d248f36e3a848b446be0c68e612c2c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cc3fe7d6501270ac81b752dee38b5a08d248f36e3a848b446be0c68e612c2c8.dll,#1
  2⤵
  PID:4344