ec90d2990936e5e873ea1ba6716e932288fcbec32bbbc78a92963cecdbe93348

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 15:53

Target

ec90d2990936e5e873ea1ba6716e932288fcbec32bbbc78a92963cecdbe93348.dll
Size

4KB
MD5

6ace7ae8e04fec4e3cae37643516401e
SHA1

668898dfa47ebac2dd109472de08e068b2f8d646
SHA256

ec90d2990936e5e873ea1ba6716e932288fcbec32bbbc78a92963cecdbe93348
SHA512

bbfaba02e3e5c548058201e7a257e091af4236451d021b708e4375700e20ab4e69083056cad2c6e8e20580f8db85b88cba22384199c32eb544f47117119e780e
SSDEEP

48:a5zjMTGcITBVQVE1lcF643qQF6WMJTCqCWampq:iT3Qu8J35F6NDCf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 3500	1380	rundll32.exe	54
PID 1380 wrote to memory of 3500	1380	rundll32.exe	54
PID 1380 wrote to memory of 3500	1380	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec90d2990936e5e873ea1ba6716e932288fcbec32bbbc78a92963cecdbe93348.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec90d2990936e5e873ea1ba6716e932288fcbec32bbbc78a92963cecdbe93348.dll,#1
  2⤵
  PID:3500