c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900

Analysis

max time kernel
150s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:22

Target

c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900.dll
Size

90KB
MD5

aa88f6baf99ac45ca2f82e05309fd023
SHA1

074f27345f76000d07267adfdd102d2e86308c85
SHA256

c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900
SHA512

3e613632ca195f0334388bf545b4c8c7ae45875fa7708c8bf3b2737cae755567859d497856b94e1298e08859536a11389eb060852f85f073762f187046d24d1c
SSDEEP

1536:l/+avA1/IW9SVcCgBFyWfu76B2i71bHjFvRKm2dJq:lPA9IWMWDFfu+BD71bHjOq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3492	4660	rundll32.exe	84
PID 4660 wrote to memory of 3492	4660	rundll32.exe	84
PID 4660 wrote to memory of 3492	4660	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c94966c5e3ba52dd0b9fb50e00e59cbb121fa538b18866abd0f85e642757d900.dll,#1
  2⤵
  PID:3492

memory/3492-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download