c9bf9d600a5ff7634844a9ec0fd82964932a100451478b6389fe39cd99b7acb9

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 01:02

Target

c9bf9d600a5ff7634844a9ec0fd82964932a100451478b6389fe39cd99b7acb9.dll
Size

156KB
MD5

f5d6071253a11e6d3885256fb26932aa
SHA1

ddfd36a7cda8bd9b746e16e0f339a9b2ebf7f124
SHA256

c9bf9d600a5ff7634844a9ec0fd82964932a100451478b6389fe39cd99b7acb9
SHA512

7b067e0c53b6ada501f9b24a95720e4af78f5008b6cfc5cfbcfbb4ddb94c83597f90b8c451b2486c825077e26e3f0b0e7450617a802d0ff9f80b27d427074344
SSDEEP

3072:KbPkzgAc+8+iMqFFDLHv3xfjN4bahzCeZjv227tNAV8etRz:KT61iD7v3xfhgahmYj3tNSL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 1152	3464	rundll32.exe	81
PID 3464 wrote to memory of 1152	3464	rundll32.exe	81
PID 3464 wrote to memory of 1152	3464	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9bf9d600a5ff7634844a9ec0fd82964932a100451478b6389fe39cd99b7acb9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9bf9d600a5ff7634844a9ec0fd82964932a100451478b6389fe39cd99b7acb9.dll,#1
  2⤵
  PID:1152