c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3

Analysis

max time kernel
70s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2023 19:51

Target

c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll
Size

2.5MB
MD5

cbf23b2a913eb6cc96c8fd72d39807e2
SHA1

ca3f7a691ff699b83f379f22b8563fc8749cdb27
SHA256

c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3
SHA512

a0051b9e1bdc1317cda009a0c57e287ac6496b92867fd8d1f5a90d7b9e85156c2304e3e653557f5daef62221408ab34e2e9ea470369fba5b38a9f50b454ae263
SSDEEP

49152:4GQFopxxPl57HyKBPsX2k3W5VbuqRvQSYKIuMIjF36MB5i/3:NQCp/HDPsGx5QWvQSYKtL5fi/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1520 wrote to memory of 3728	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 3728	1520	rundll32.exe	rundll32.exe
PID 1520 wrote to memory of 3728	1520	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll,#1
2⤵
PID:3728

memory/3728-133-0x0000000002CA0000-0x00000000034F0000-memory.dmp

Filesize
8.3MB

Download
memory/3728-134-0x0000000002CA0000-0x00000000034F0000-memory.dmp

Filesize
8.3MB

Download