99ccbe3b06ae0611fc62edc916274266746bbd4a0d6c27d8c72deb65ac84d8cd

Analysis

max time kernel
222s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:40

Target

99ccbe3b06ae0611fc62edc916274266746bbd4a0d6c27d8c72deb65ac84d8cd.dll
Size

64KB
MD5

fc54868f6a38068022cb776cb4839378
SHA1

7cd6caaa91c3cbfa18196815acb44147ef507485
SHA256

99ccbe3b06ae0611fc62edc916274266746bbd4a0d6c27d8c72deb65ac84d8cd
SHA512

0227e768eefdf3dab305d10a272cb09fa751923400c1d77d411b9853222e6ec9c96817b34cc97f2026935985b9c5166e311cb55af3d7741a25f7760bf0de3921
SSDEEP

1536:yl3E0T2sOJeArsKwOr3vlO0Jy19ZgUw8nPhS1zc8b/NZD:E39iQrErlO0JJ7AszBb/DD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 844	4292	rundll32.exe	78
PID 4292 wrote to memory of 844	4292	rundll32.exe	78
PID 4292 wrote to memory of 844	4292	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99ccbe3b06ae0611fc62edc916274266746bbd4a0d6c27d8c72deb65ac84d8cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99ccbe3b06ae0611fc62edc916274266746bbd4a0d6c27d8c72deb65ac84d8cd.dll,#1
  2⤵
  PID:844