00c9ad9872de24b4646e88b1666819509a44fda76a308e016129ed58ed1d252f

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:47

Target

00c9ad9872de24b4646e88b1666819509a44fda76a308e016129ed58ed1d252f.dll
Size

6KB
MD5

dcc320ea51d1876bc929a7771f85fd70
SHA1

a9f55fe98a51366ee26f5a200dc87bff70d4e0f1
SHA256

00c9ad9872de24b4646e88b1666819509a44fda76a308e016129ed58ed1d252f
SHA512

b6fb1f4e641627d6a1c44269ddb3248e28c8802fc2a33497cf14649a34a1bb46e50522592ef72ab9975602a145ad9eea4e3322025de602d15afb2dc55dc063e9
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD727DKY3:juLJ/oAdQPQa2aeng7oDKY3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2772	5040	rundll32.exe	76
PID 5040 wrote to memory of 2772	5040	rundll32.exe	76
PID 5040 wrote to memory of 2772	5040	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00c9ad9872de24b4646e88b1666819509a44fda76a308e016129ed58ed1d252f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00c9ad9872de24b4646e88b1666819509a44fda76a308e016129ed58ed1d252f.dll,#1
  2⤵
  PID:2772