c5d987f3d8bf960d343cc1a87c9dd077cf684157fd42dc211baf6ee074c24571

Analysis

max time kernel
154s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 19:46

Target

c5d987f3d8bf960d343cc1a87c9dd077cf684157fd42dc211baf6ee074c24571.dll
Size

48KB
MD5

65ce345db512d7b7ba45751ec2d6e054
SHA1

dc46d1b68eb2be435bbc99327cb219db80a34221
SHA256

c5d987f3d8bf960d343cc1a87c9dd077cf684157fd42dc211baf6ee074c24571
SHA512

b28c0066a15e95d2d5344ceaf6e83c79450d0119d1e4f883109969e26628bbd35a444e10124a290435afb412204b9ac565e3a905ac7d0f441c42e69f238c5a32
SSDEEP

768:9F2kd0Kki5WO3ejM19NEWrJvfhW74JyzYrXo9mh:nld0KkPO3/9NEAJW7Ezo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 1388	5092	rundll32.exe	81
PID 5092 wrote to memory of 1388	5092	rundll32.exe	81
PID 5092 wrote to memory of 1388	5092	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5d987f3d8bf960d343cc1a87c9dd077cf684157fd42dc211baf6ee074c24571.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5d987f3d8bf960d343cc1a87c9dd077cf684157fd42dc211baf6ee074c24571.dll,#1
  2⤵
  PID:1388

memory/1388-133-0x00000000028F0000-0x00000000029C6000-memory.dmp

Filesize
856KB

Download