cc8d482f52adeacc5198cbc9d80679dda06380d0b77af24d9cb9b3ae1b7b99f6

Analysis

max time kernel
179s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 16:40

Target

cc8d482f52adeacc5198cbc9d80679dda06380d0b77af24d9cb9b3ae1b7b99f6.dll
Size

177KB
MD5

6270d68e5dca0b54c209127c48ac53ae
SHA1

a057dd0d0479407d0775589c46f79adf70158352
SHA256

cc8d482f52adeacc5198cbc9d80679dda06380d0b77af24d9cb9b3ae1b7b99f6
SHA512

78edcf16a680c8dbbd75c3df87a436030e76e5eb96cac6c764d4bb2fbc0138d32b1c8de1b6057c5105d4c677c0b19f6ac0a158919cd6bea47c38cab1e8d2874a
SSDEEP

3072:1hNGHDxCCBe8meQpb031yp7sADBXMfd29Aq0CJjb8Q+/5x7EE:1hNslCke8m/hAyb1UI9v0CF4Dx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 3600	3588	rundll32.exe	82
PID 3588 wrote to memory of 3600	3588	rundll32.exe	82
PID 3588 wrote to memory of 3600	3588	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8d482f52adeacc5198cbc9d80679dda06380d0b77af24d9cb9b3ae1b7b99f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8d482f52adeacc5198cbc9d80679dda06380d0b77af24d9cb9b3ae1b7b99f6.dll,#1
  2⤵
  PID:3600