5c9d3876f342ec2874076bf742588b873d687e8d5cd85660a58b475137f2be4f

Analysis

max time kernel
151s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 00:37

Target

5c9d3876f342ec2874076bf742588b873d687e8d5cd85660a58b475137f2be4f.dll
Size

6KB
MD5

3eb2536869e749388503800763d9c110
SHA1

8c3d59bd09da4198e6f70e67ed4c6cd89f44c4ce
SHA256

5c9d3876f342ec2874076bf742588b873d687e8d5cd85660a58b475137f2be4f
SHA512

b20e4f5ea7e5de6f6b635c5c87899fb4133f7f52bdbc1302f439d5824bfbbed036b8031c0a17b02c462e359384be28b536e5ef80fc6935395fa6a1fc83e7bc97
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD7E:nGTWJGp0UZUd6378snt7E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 4380	2332	rundll32.exe	81
PID 2332 wrote to memory of 4380	2332	rundll32.exe	81
PID 2332 wrote to memory of 4380	2332	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c9d3876f342ec2874076bf742588b873d687e8d5cd85660a58b475137f2be4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c9d3876f342ec2874076bf742588b873d687e8d5cd85660a58b475137f2be4f.dll,#1
  2⤵
  PID:4380