2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2023 08:44

Target

2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll
Size

2.5MB
MD5

d49591f472aa7626074aa9914d670ec1
SHA1

e7080ecb8036303d27be9e7a87716ddc8608ab69
SHA256

2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806
SHA512

0909ba541e56f66f0c1746d4a0ec5c6905819f5c53502d1a61f6ce7465e6b8ecdb5f2b33e341e6146ac899686a82e979118ddc0f1a0103e7223b4b87595879ac
SSDEEP

49152:nut4E5/XZabuGc+Tto/clQQF/lovXYGl3Ou1ftgeQHcFSyRKVk73V:uLzXG1tkWTgfYGl+u1ftgeQHcXKSl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1872 wrote to memory of 3996	1872	rundll32.exe	rundll32.exe
PID 1872 wrote to memory of 3996	1872	rundll32.exe	rundll32.exe
PID 1872 wrote to memory of 3996	1872	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll,#1
2⤵
PID:3996