ef6dfcec7a338ad05ec03bf5cfac1d20b26221e3ca4a36d2bb7d3b78ae2c590b

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 17:26

Target

ef6dfcec7a338ad05ec03bf5cfac1d20b26221e3ca4a36d2bb7d3b78ae2c590b.dll
Size

19KB
MD5

12a7e662ebd1b63d172db9232ba67cb0
SHA1

faab9e3171614bbf0eafcf53b99bd62ad32cfdf0
SHA256

ef6dfcec7a338ad05ec03bf5cfac1d20b26221e3ca4a36d2bb7d3b78ae2c590b
SHA512

0acf73107caceaa7cca85df4809bdcfac31caafb99032270d94b7d8880f3600bd65ad97f93134eea3a0db877100c5ec4800a4ecfe34923d103903c412b722a06
SSDEEP

384:f7/n22ITPgfEhDsrQ800i80zY4+j7JdZgU0FaXE8:f7/nyPhhDsGn80zpW7JdZgtFaXE

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
4	4744	rundll32.exe
7	4744	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4744	4664	rundll32.exe	80
PID 4664 wrote to memory of 4744	4664	rundll32.exe	80
PID 4664 wrote to memory of 4744	4664	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef6dfcec7a338ad05ec03bf5cfac1d20b26221e3ca4a36d2bb7d3b78ae2c590b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef6dfcec7a338ad05ec03bf5cfac1d20b26221e3ca4a36d2bb7d3b78ae2c590b.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4744