c354756e4a612e3342c78e2b879479a5a1af72c55ea69b109b28f9a6238e397b

Analysis

max time kernel
181s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 10:36

Target

c354756e4a612e3342c78e2b879479a5a1af72c55ea69b109b28f9a6238e397b.dll
Size

4KB
MD5

ac6ba4c4408e48a8c391e960e7d287c0
SHA1

18a1eb6176d53771099a69676341ceb82387037b
SHA256

c354756e4a612e3342c78e2b879479a5a1af72c55ea69b109b28f9a6238e397b
SHA512

6810b3246c904de70510a7c09765048663ab4a34378608462300c7c27368dfe7fd15a19df4ec56c1e3443b7dc181c853954c349ae90407604284a1332f04c720
SSDEEP

48:qHupGeMcCB96DrhWHR0FiIsipZlM+u+eAPMDQHpyuLv6om0S4VqesPzy+:PMXB0rw0MI/pwbdsSMqX9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2548	2828	rundll32.exe	83
PID 2828 wrote to memory of 2548	2828	rundll32.exe	83
PID 2828 wrote to memory of 2548	2828	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c354756e4a612e3342c78e2b879479a5a1af72c55ea69b109b28f9a6238e397b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c354756e4a612e3342c78e2b879479a5a1af72c55ea69b109b28f9a6238e397b.dll,#1
  2⤵
  PID:2548