2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:36

Target

2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1.dll
Size

6KB
MD5

4f47d5b25aa97001305d44f646a08310
SHA1

21e63f622b829dcf2c091ab48c737bcc2339dde0
SHA256

2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1
SHA512

f3651e15752a44a621c507bd9c59d3aaf258fd4280c26b2dd652e2ecbf497e620e4c91d1227f0912c392d8ea14399b0dacc09049ed29dfbb585d875c0388b8c0
SSDEEP

96:hy859x0P8MaXr62qV0dr6JE+KcN+RE/29C:F5oL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 4060	3300	rundll32.exe	78
PID 3300 wrote to memory of 4060	3300	rundll32.exe	78
PID 3300 wrote to memory of 4060	3300	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c2258b4cd5a00e30ffd24c6765c6efb78a60edd6a14e194c9568e1e1b4868d1.dll,#1
  2⤵
  PID:4060