ef60a30f5eda042506ca7d475aed89a131700643962ebc3bf72a447250c47e63

Analysis

max time kernel
132s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 15:30

Target

ef60a30f5eda042506ca7d475aed89a131700643962ebc3bf72a447250c47e63.dll
Size

52KB
MD5

6cf18213e1983b22effbe4b80a17fab7
SHA1

ab2729f6c490489d9473aec7d4ff74f02654ca55
SHA256

ef60a30f5eda042506ca7d475aed89a131700643962ebc3bf72a447250c47e63
SHA512

afe1bcc8b82126488bd29d552c3757b44741edbac22aca1d0ea2d888135e78a02f27c218495f0eb54e6b63f692a17ff61e3deb3a81637c5c82cc9d22ceea90b9
SSDEEP

768:2788TBHR7oOj33NvwSFbyx9GGB8oYMW3N3T:2788TBHldxtbAcLoTW3VT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4928	4924	rundll32.exe	83
PID 4924 wrote to memory of 4928	4924	rundll32.exe	83
PID 4924 wrote to memory of 4928	4924	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef60a30f5eda042506ca7d475aed89a131700643962ebc3bf72a447250c47e63.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef60a30f5eda042506ca7d475aed89a131700643962ebc3bf72a447250c47e63.dll,#1
  2⤵
  PID:4928