c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c

Analysis

max time kernel
332s
max time network
364s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 05:57

Target

c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll
Size

7KB
MD5

a621deb03d294360c6c8ca7010d6b530
SHA1

467e8177ffcefeef919298e4ed4306dd37329319
SHA256

c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c
SHA512

2bfbc7c7778088c45107911f1c8f5e1ffd6cf29460834181df5d57c5e94eddd408675ec9583b1f3e749754fe58368ef808c46474f751f89682c59c9d959c9037
SSDEEP

192:OrIQUA/Rvz6VkaAXHAv4aGH4fDtTkLIWZC:Orv+VpaQX+C

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 2788	4288	rundll32.exe	81
PID 4288 wrote to memory of 2788	4288	rundll32.exe	81
PID 4288 wrote to memory of 2788	4288	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll,#1
  2⤵
  PID:2788