c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 17:54

Target

c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll
Size

90KB
MD5

8b907e5b2ca2d7fd5388bd308e95c823
SHA1

a0b68400be05974199e3567c02a162728d19f909
SHA256

c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d
SHA512

cbe094a747e836e6db26e4934ae368971bba304b3cb41a54269012702397e037e10d13dca1245c52254c4dc1a44045ff893b8e7673972c73f9ef63e58e50c8f7
SSDEEP

1536:gpr7U/BfbvkEr0kVKSCNuBeQTXrcuLwwqJjpx5FNta2yp6e/+8LTcwkk:gV7ojvvVtVBeEXAuLwDFFNtDyceW8HV5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2148 wrote to memory of 4428	2148	rundll32.exe	rundll32.exe
PID 2148 wrote to memory of 4428	2148	rundll32.exe	rundll32.exe
PID 2148 wrote to memory of 4428	2148	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2148

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll,#1
2⤵
PID:4428

memory/4428-132-0x0000000000000000-mapping.dmp

Download
memory/4428-134-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/4428-135-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download