fcaa1f0f02e74ad10ef48c6304d7f9edc93918314e2d7e1990384c708d15b7ac

Analysis

max time kernel
91s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 19:21

Target

fcaa1f0f02e74ad10ef48c6304d7f9edc93918314e2d7e1990384c708d15b7ac.dll
Size

6KB
MD5

29dae574e92b06d559b860cf1b787d40
SHA1

a4759618cbb03f6e1f27e80aa1e1efa8ae7b50c5
SHA256

fcaa1f0f02e74ad10ef48c6304d7f9edc93918314e2d7e1990384c708d15b7ac
SHA512

a64781bff596e9d68dab28ca04ce03304782156272e5a9286167e7277d3b79abc80f4704182e9f216f6f691605952612b66e192cb6879298deca8dbe1b8a0bcd
SSDEEP

96:rqoaixhR1n7zEGzbE7dLq2r0CtS4kOSBagVdYf/:uhiPj7CdLq2r0C2vY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1884	4572	rundll32.exe	76
PID 4572 wrote to memory of 1884	4572	rundll32.exe	76
PID 4572 wrote to memory of 1884	4572	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcaa1f0f02e74ad10ef48c6304d7f9edc93918314e2d7e1990384c708d15b7ac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcaa1f0f02e74ad10ef48c6304d7f9edc93918314e2d7e1990384c708d15b7ac.dll,#1
  2⤵
  PID:1884