c4cc37373b5c267e7a842a02e8f0d70fe6770688fd1bdf49e71205033ee949ee

Analysis

max time kernel
179s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 13:36

Target

c4cc37373b5c267e7a842a02e8f0d70fe6770688fd1bdf49e71205033ee949ee.dll
Size

32KB
MD5

42e85040efd32f555f9dca4d00bc2660
SHA1

aeaa9143295bd1be8b65181e3416f02bd7607918
SHA256

c4cc37373b5c267e7a842a02e8f0d70fe6770688fd1bdf49e71205033ee949ee
SHA512

bbc9ef99209b1e9c0b30a33008ca1f455068fadd1be92ea26004758b3af0976e5e1be79869ff9d8a9b9c4605c0bad4f154c5febf4eaa80a469e3c14115dd4d96
SSDEEP

768:m7FFX0ogrmCSc19EkWQ75MM+li34iDzhqDFRWFT8:m7F1gr0c19d75MVlhCkxRWFg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 216	1792	rundll32.exe	81
PID 1792 wrote to memory of 216	1792	rundll32.exe	81
PID 1792 wrote to memory of 216	1792	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4cc37373b5c267e7a842a02e8f0d70fe6770688fd1bdf49e71205033ee949ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4cc37373b5c267e7a842a02e8f0d70fe6770688fd1bdf49e71205033ee949ee.dll,#1
  2⤵
  PID:216