b7429318f1610b0778762aa8bcf573a167a26c23eb98a315d5fe022ec934de6a

Analysis

max time kernel
214s
max time network
232s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2023, 19:19

Target

ccFWSetg.dll
Size

461KB
MD5

ebfd1888e4ce9d9772180a2b57063690
SHA1

600f97ec81b603f2ce612cc1beceaa3b385d78e5
SHA256

b7429318f1610b0778762aa8bcf573a167a26c23eb98a315d5fe022ec934de6a
SHA512

540b8ff265d9dbe74ffa84e6265dd5c9301a8381993b6c5fe575c518e216d8e103e99da71adf1aedca4e6b3865dd31987dd37217eb1c1da2df8f7472bb0c4868
SSDEEP

6144:z5YHt5CPCjp39xegrI9Rm4FSD++DpR8xTomSpxZsqnL9VILZ1cIcbTVc7zht:zgMKt39RrIbsR8ApxZsu2Z1cIcAht

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 4204	2168	rundll32.exe	78
PID 2168 wrote to memory of 4204	2168	rundll32.exe	78
PID 2168 wrote to memory of 4204	2168	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccFWSetg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccFWSetg.dll,#1
  2⤵
  PID:4204