c4f7b6f7f3ae3cd68e77edb9fc3d1cd736c72364d9066fd157e64c83a582c5f3

Analysis

max time kernel
162s
max time network
240s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:23

Target

c4f7b6f7f3ae3cd68e77edb9fc3d1cd736c72364d9066fd157e64c83a582c5f3.dll
Size

90KB
MD5

fa373f510e723cb2d7eac054d4afd50d
SHA1

d1325a9f831755b29c2b541847673e5eaa87524e
SHA256

c4f7b6f7f3ae3cd68e77edb9fc3d1cd736c72364d9066fd157e64c83a582c5f3
SHA512

e441eed5d3ce78695b904f0a373c4797095cf02f4e0989e8b333e7f902ab44c7c7704054f3b834ddbaa45a8322f2ad827bc3f94d0733c9dcf9fa785db93dce86
SSDEEP

1536:tbOd06nY+60deNMpTSnBKHMAduBzFWUSuvcAxz+KjTaOiO8FsuMXocU:p6nF60deDnBKHbcWJuEAx5jNiOusocU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 664	5040	rundll32.exe	79
PID 5040 wrote to memory of 664	5040	rundll32.exe	79
PID 5040 wrote to memory of 664	5040	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4f7b6f7f3ae3cd68e77edb9fc3d1cd736c72364d9066fd157e64c83a582c5f3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4f7b6f7f3ae3cd68e77edb9fc3d1cd736c72364d9066fd157e64c83a582c5f3.dll,#1
  2⤵
  PID:664