c2ed6bf2c6a1275225da20b74d8daf71e3a36dd8c1ec7ad1a69175e5b274597e

Analysis

max time kernel
92s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:25

Target

c2ed6bf2c6a1275225da20b74d8daf71e3a36dd8c1ec7ad1a69175e5b274597e.dll
Size

105KB
MD5

0ed338b0600085c6ed0c9466894c8252
SHA1

d243505d1239e60348e1e8099206386964bad282
SHA256

c2ed6bf2c6a1275225da20b74d8daf71e3a36dd8c1ec7ad1a69175e5b274597e
SHA512

df32527870813fa2c635015c000a5fdf693bcfacf3611d3ab2b27e9dcbe7d0df635fff5bd1fc7fc40189f4a9593f65ecdc68a221577cd1725df967dc8556050b
SSDEEP

1536:TD6K271gp7DXHQ49AzyjSPEiRsB8wnHhcMWqblIxqf/hqnyFIKoCyNBj:TDGYLwwsyjSPEliwne9qqxqfpqy3uNt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 3340	1652	rundll32.exe	80
PID 1652 wrote to memory of 3340	1652	rundll32.exe	80
PID 1652 wrote to memory of 3340	1652	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2ed6bf2c6a1275225da20b74d8daf71e3a36dd8c1ec7ad1a69175e5b274597e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2ed6bf2c6a1275225da20b74d8daf71e3a36dd8c1ec7ad1a69175e5b274597e.dll,#1
  2⤵
  PID:3340

memory/3340-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download