f1caeac633ed0c209ec4fd17c1a28869f2a1202a56c3daabcb01e5506565c607

Analysis

max time kernel
164s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 00:54

Target

f1caeac633ed0c209ec4fd17c1a28869f2a1202a56c3daabcb01e5506565c607.dll
Size

6KB
MD5

5bffe57d7acd7b7e490ea80bc2691720
SHA1

38da7cf3458958df5e0ae3c934bb2898442d93ad
SHA256

f1caeac633ed0c209ec4fd17c1a28869f2a1202a56c3daabcb01e5506565c607
SHA512

fd4de00cdc1f9864e5a9cff979b3092db9d748d4ac3e5e6474eab30c3571295aa1c7afccbf7e8cf742a3d53a846f30f5c4b92606d56c178d27d21dde70fb754d
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqNOoL6IkOyUV/rswVTS6EV:hy859x0P8MaNX6LGV/rswVTS6EV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 2204	384	rundll32.exe	79
PID 384 wrote to memory of 2204	384	rundll32.exe	79
PID 384 wrote to memory of 2204	384	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1caeac633ed0c209ec4fd17c1a28869f2a1202a56c3daabcb01e5506565c607.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1caeac633ed0c209ec4fd17c1a28869f2a1202a56c3daabcb01e5506565c607.dll,#1
  2⤵
  PID:2204