8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598

Analysis

max time kernel
108s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2022 18:15

Target

8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll
Size

2.4MB
MD5

d7c0d74b6f17eef08331a651bfc4da37
SHA1

45a25916814c3bf58934d2b700b7d09c0bcf2584
SHA256

8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598
SHA512

63dcbd9f5530a180e141742c9ff774d1ee44b274a9d19b0d337f5c3d6d4261966bc01b988be034596af1336288f62a6a21cd1a0cc6c05990042cf2a5b4a03005
SSDEEP

49152:RryDs5d5Xf4AEVqjEox/vkhGSzVGDR38WiGDsTcixZ:kEPHEKESH4GRiz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2652 wrote to memory of 2456	2652	rundll32.exe	rundll32.exe
PID 2652 wrote to memory of 2456	2652	rundll32.exe	rundll32.exe
PID 2652 wrote to memory of 2456	2652	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2652

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll,#1
2⤵
PID:2456