9cf2f2cb6ead6ac3e1ad301fbe0af41ee4d2cc206aaa633f07154eb68022ef70

Analysis

max time kernel
166s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:06

Target

9cf2f2cb6ead6ac3e1ad301fbe0af41ee4d2cc206aaa633f07154eb68022ef70.dll
Size

137KB
MD5

97b06c14347d74889e85ff3298fde5a0
SHA1

c8a280c23e77b9f5eddf6cb2b25a3df25b63cb50
SHA256

9cf2f2cb6ead6ac3e1ad301fbe0af41ee4d2cc206aaa633f07154eb68022ef70
SHA512

cc1756b2adfb375146b4f29bb3aa940da67fce3d2dc677b00009d753bf799bf784d5f70cfd2d467525bc6500ce7db2aad8870e2fd964210112577edae31eff6f
SSDEEP

3072:q8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXxW0ILi:q8w6D4Kotup0LWI+fH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 5108	2040	rundll32.exe	82
PID 2040 wrote to memory of 5108	2040	rundll32.exe	82
PID 2040 wrote to memory of 5108	2040	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cf2f2cb6ead6ac3e1ad301fbe0af41ee4d2cc206aaa633f07154eb68022ef70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cf2f2cb6ead6ac3e1ad301fbe0af41ee4d2cc206aaa633f07154eb68022ef70.dll,#1
  2⤵
  PID:5108