e42da7ec9c32e2c598e2f6fbdaf11faec0b4b44eb0bb5fcbe3b426cd9a0bd76d

Analysis

max time kernel
75s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2022, 14:39

Target

e42da7ec9c32e2c598e2f6fbdaf11faec0b4b44eb0bb5fcbe3b426cd9a0bd76d.dll
Size

5.4MB
MD5

418296db362338f2d7db274850b1af98
SHA1

4d3656fdca21c51ce7a6a07f448903b879163f2e
SHA256

e42da7ec9c32e2c598e2f6fbdaf11faec0b4b44eb0bb5fcbe3b426cd9a0bd76d
SHA512

2559c3ebe510ccab7122ec57592c925586d7a6dcf22c039b810022674512c20ddde96e2208aa12d8ebe4263ee4dc54c8fdcae5f8b00be8b5268557749097462e
SSDEEP

98304:Ux87jlM0vUjUSOA4wjgs3rjlqzeI/nUmlB:n7jvTNwjgs3rjlqaI/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2768	1256	rundll32.exe	84
PID 1256 wrote to memory of 2768	1256	rundll32.exe	84
PID 1256 wrote to memory of 2768	1256	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e42da7ec9c32e2c598e2f6fbdaf11faec0b4b44eb0bb5fcbe3b426cd9a0bd76d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e42da7ec9c32e2c598e2f6fbdaf11faec0b4b44eb0bb5fcbe3b426cd9a0bd76d.dll,#1
  2⤵
  PID:2768