e96773fd4360656ff7e34170a0e44d72c726831fe39bd01eec3156f083454255

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 01:06

Target

e96773fd4360656ff7e34170a0e44d72c726831fe39bd01eec3156f083454255.dll
Size

57KB
MD5

56580033b8b08d917acf8e0ec7605925
SHA1

0bc70f331156f269e03fbfd668bf5b4856d87362
SHA256

e96773fd4360656ff7e34170a0e44d72c726831fe39bd01eec3156f083454255
SHA512

beaaaad861ab8646491b4df93d6cf78cc3ca0dd4e94b85a2f6ecf219239af2bef14a213b9fba622bdb7ae01d52b3897331f636084783deea50b2a838e0512772
SSDEEP

1536:9NIKDP4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:oqP4YU6ErtGNEKIpCT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2296	2068	rundll32.exe	82
PID 2068 wrote to memory of 2296	2068	rundll32.exe	82
PID 2068 wrote to memory of 2296	2068	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e96773fd4360656ff7e34170a0e44d72c726831fe39bd01eec3156f083454255.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e96773fd4360656ff7e34170a0e44d72c726831fe39bd01eec3156f083454255.dll,#1
  2⤵
  PID:2296