c9bfc54fda3a2290e6dbbf1e694858fa7fa5039b64d5df422d6b6f0f41f7e27d

Analysis

max time kernel
142s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 05:02

Target

c9bfc54fda3a2290e6dbbf1e694858fa7fa5039b64d5df422d6b6f0f41f7e27d.dll
Size

18KB
MD5

965f3c33f459c69baefcda38ee1fffef
SHA1

8c867757d73f9e7d32f03c353ae36a2e43cec1f4
SHA256

c9bfc54fda3a2290e6dbbf1e694858fa7fa5039b64d5df422d6b6f0f41f7e27d
SHA512

37c7c2b7603e8c16983ab7f81ededd29b6c1e654a54385457569fc562d84a424c1725ce49993fb2157eec7dc1d3875017095369244b8b6300c0940e199cf6668
SSDEEP

384:EhBHo7xX9iGgOa7Pfp+/BRiBZWG5VL3ArCQBm+k7OUXiTP:Ek7TiGgH7PR8BnKVL31+k7DX+P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 2548	3080	rundll32.exe	80
PID 3080 wrote to memory of 2548	3080	rundll32.exe	80
PID 3080 wrote to memory of 2548	3080	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9bfc54fda3a2290e6dbbf1e694858fa7fa5039b64d5df422d6b6f0f41f7e27d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9bfc54fda3a2290e6dbbf1e694858fa7fa5039b64d5df422d6b6f0f41f7e27d.dll,#1
  2⤵
  PID:2548