cc69ed145e73a938e612e68b1fd0194f90601f7a1d0f2d098d313442d860c146

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 01:28

Target

cc69ed145e73a938e612e68b1fd0194f90601f7a1d0f2d098d313442d860c146.dll
Size

4.4MB
MD5

411260aae91578a8f1e12861bd85b4ee
SHA1

414ef1f40fbf91cb8b1c5e00944b22280581bf42
SHA256

cc69ed145e73a938e612e68b1fd0194f90601f7a1d0f2d098d313442d860c146
SHA512

57061c17b3c17f574c6f73f9e3faf4a00b0aa371c2df668cefe4bcd9de47d624b0b52a85434fd45abb5dae03454e9e1aa4dfeaf5ef9c5d484fdc847a4dbbc43e
SSDEEP

49152:14lzJa2u2wU4zvV2LlJOr1qeXePjH/zeiuh0Gx6jMijkrZlI0AilFEvxHiatl6DJ:14zZP4zvV2Zwr1qeXePOiuGjxuD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3328	4572	rundll32.exe	88
PID 4572 wrote to memory of 3328	4572	rundll32.exe	88
PID 4572 wrote to memory of 3328	4572	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc69ed145e73a938e612e68b1fd0194f90601f7a1d0f2d098d313442d860c146.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc69ed145e73a938e612e68b1fd0194f90601f7a1d0f2d098d313442d860c146.dll,#1
  2⤵
  PID:3328