ccf91d116db024cceed3149467dbc6e9976298834a932d6d557ea3e0df35f009

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 03:05

Target

ccf91d116db024cceed3149467dbc6e9976298834a932d6d557ea3e0df35f009.dll
Size

327KB
MD5

50c2ee7eacc256d1f737c0c685cc8c7f
SHA1

bf5e5197d5d9b384ca8c9c87b1c91d5aba6309a2
SHA256

ccf91d116db024cceed3149467dbc6e9976298834a932d6d557ea3e0df35f009
SHA512

3c21f0fffa2bfc0b6e218a6216b6a7156358a00eefe50f89e7ca03dad2b3b931728013262ee9e7fc1871418fccc411e0d260080ba00d0d898ccec59098aec7bd
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 3968	4788	rundll32.exe	83
PID 4788 wrote to memory of 3968	4788	rundll32.exe	83
PID 4788 wrote to memory of 3968	4788	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf91d116db024cceed3149467dbc6e9976298834a932d6d557ea3e0df35f009.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccf91d116db024cceed3149467dbc6e9976298834a932d6d557ea3e0df35f009.dll,#1
  2⤵
  PID:3968