ccdad0927cdada819962124d734a785c4dfe066a755878e87a19ced01abae5c9

Analysis

max time kernel
203s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:54

Target

ccdad0927cdada819962124d734a785c4dfe066a755878e87a19ced01abae5c9.dll
Size

124KB
MD5

0f36b481aa4ba2e58dd2708aa41c2630
SHA1

5a032c227aa153a3502c3ced7294ac5e201991bc
SHA256

ccdad0927cdada819962124d734a785c4dfe066a755878e87a19ced01abae5c9
SHA512

eac4f60ff5891c42630164040d20c67d43e7875cb4ce07182adc0b4d58e1ad34f35c6875bdc23fd7ec69b0b24d97bd32aac7834a6e97b47d46e0004f1f2c7674
SSDEEP

1536:+s+jlkPBfHtSkYoPPgC31dZj5RGIsINXIBIuIJkuvfZ/AuwWnFJy:uEBNRYoPPgylG7KuNyxvfGWFJy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4736	5048	rundll32.exe	82
PID 5048 wrote to memory of 4736	5048	rundll32.exe	82
PID 5048 wrote to memory of 4736	5048	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccdad0927cdada819962124d734a785c4dfe066a755878e87a19ced01abae5c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccdad0927cdada819962124d734a785c4dfe066a755878e87a19ced01abae5c9.dll,#1
  2⤵
  PID:4736