dccca0162f68b99ed13ac37047dc22aab9b6bd5e31475c0a086b18051c50d808

Analysis

max time kernel
168s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:24

Target

dccca0162f68b99ed13ac37047dc22aab9b6bd5e31475c0a086b18051c50d808.dll
Size

70KB
MD5

210b3f8c9c08f58e223e39da3aa00d8f
SHA1

46d33df2587b140005b82b63bc1a832b33d925d5
SHA256

dccca0162f68b99ed13ac37047dc22aab9b6bd5e31475c0a086b18051c50d808
SHA512

fa4c1d356c911abe1d7aaff24553a1e667811a01d59d6496b7e6610d50a6489cd161ae57e9dd2e86d9f814817f52151f5094fecab054de50892bdf46c5a95133
SSDEEP

1536:VZIcCxRVpr2RRlcviGaBYhmatRaBniWyM0OHRLKVCf:r+f8RgviNYhmi4HX0OLKV+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3584	3668	rundll32.exe	83
PID 3668 wrote to memory of 3584	3668	rundll32.exe	83
PID 3668 wrote to memory of 3584	3668	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dccca0162f68b99ed13ac37047dc22aab9b6bd5e31475c0a086b18051c50d808.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dccca0162f68b99ed13ac37047dc22aab9b6bd5e31475c0a086b18051c50d808.dll,#1
  2⤵
  PID:3584