cf5ac1a3037659878dd5bdb468c36edd579a5923acb30da044541b1a67d74e61

Analysis

max time kernel
137s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:29

Target

cf5ac1a3037659878dd5bdb468c36edd579a5923acb30da044541b1a67d74e61.dll
Size

124KB
MD5

f8b1ab594ad0597a1c218ada4e725da1
SHA1

553f6733466239f68a50e47d70c21876ffc0a1e7
SHA256

cf5ac1a3037659878dd5bdb468c36edd579a5923acb30da044541b1a67d74e61
SHA512

993331ea3549e4c28114691104ece588876fb60f346dff47144a7a23e93501706248be08ce8b5c223b80055fce1b400a9f01e89a84e0944261cdaa7847079946
SSDEEP

3072:TDGYLwwgB6dwio2JyGetJuWonmWcgFBKgmnqs94p:nwwpBopGetJuWomWbBKguGp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 3544	676	rundll32.exe	83
PID 676 wrote to memory of 3544	676	rundll32.exe	83
PID 676 wrote to memory of 3544	676	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf5ac1a3037659878dd5bdb468c36edd579a5923acb30da044541b1a67d74e61.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf5ac1a3037659878dd5bdb468c36edd579a5923acb30da044541b1a67d74e61.dll,#1
  2⤵
  PID:3544

memory/3544-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download