e4349aec6d9179f6b161a5ee25d2b2a86283cc841d9e4313e43c066ac21cf896

Analysis

max time kernel
120s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 01:03

Target

e4349aec6d9179f6b161a5ee25d2b2a86283cc841d9e4313e43c066ac21cf896.dll
Size

5KB
MD5

6bb14be64160465fb2cfe0f3da633b80
SHA1

128c7d35816739280b2dbcca8be24cd54790c659
SHA256

e4349aec6d9179f6b161a5ee25d2b2a86283cc841d9e4313e43c066ac21cf896
SHA512

dca2e9b9587a5bbcb3ddc48c4f6c72ea829e2842accd45b88e6c83b479e6a692167f691ea4b63095412d30277ca108bc7d3b234588c37c206db637640f759544
SSDEEP

48:C6Vo9HBok7lYa92RranDBetlG9MgO8xxJCAba711bgFZSoQdwmtcCL9qzy9dwRK6:nI2RrUeqk8xC+EJyTQfcC8zNRK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 3252	2808	rundll32.exe	78
PID 2808 wrote to memory of 3252	2808	rundll32.exe	78
PID 2808 wrote to memory of 3252	2808	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4349aec6d9179f6b161a5ee25d2b2a86283cc841d9e4313e43c066ac21cf896.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4349aec6d9179f6b161a5ee25d2b2a86283cc841d9e4313e43c066ac21cf896.dll,#1
  2⤵
  PID:3252