2ec7cbf74dc2f69e5cb5ee021974449cb40840e661d738ae33f7df9405592405

Analysis

max time kernel
143s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:36

Target

2ec7cbf74dc2f69e5cb5ee021974449cb40840e661d738ae33f7df9405592405.dll
Size

56KB
MD5

65e9b955e4c106c6881a869adfe5a57a
SHA1

55060ccb8ac5133665ba2256966186154c3ed39a
SHA256

2ec7cbf74dc2f69e5cb5ee021974449cb40840e661d738ae33f7df9405592405
SHA512

6c648fc0775ba911e7aa58f4ad8216c5873d932fd7ae23b8d46c4d5c09b826a79483eea47ffdf4e5a2d8ffaaf2c238efaacd7dbdbb08c833c7991feec62d59d5
SSDEEP

768:z3OHS8KOzHvQq35/VUlRkfH+ly1eHKivpZed/ue3bZmdZ+L18iYIUHreFoM:yHZbRJWkOYeHKx2KdomDYLex

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1488	2220	rundll32.exe	83
PID 2220 wrote to memory of 1488	2220	rundll32.exe	83
PID 2220 wrote to memory of 1488	2220	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ec7cbf74dc2f69e5cb5ee021974449cb40840e661d738ae33f7df9405592405.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ec7cbf74dc2f69e5cb5ee021974449cb40840e661d738ae33f7df9405592405.dll,#1
  2⤵
  PID:1488