ef61047c9f289bced6b1b6f6c4aa74e1bba4df532dd86478a59809e025344601

Analysis

max time kernel
139s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 15:59

Target

ef61047c9f289bced6b1b6f6c4aa74e1bba4df532dd86478a59809e025344601.dll
Size

58KB
MD5

a1aa7985cdf82a19d98faa654374820f
SHA1

d90e88315a82393dd281b759bd1696e4e60939a8
SHA256

ef61047c9f289bced6b1b6f6c4aa74e1bba4df532dd86478a59809e025344601
SHA512

63c02b924f49d348edf49f9c1df1e418c8573d0b34a26e0db30c18bb70a7fd8f65a6e2396442196d52921c2ba8a3ff2373e839316f4400dc7ef3389cafe2b882
SSDEEP

1536:yl3E0TXFWwklv+v5Ie12jpnu0766E6ejqV+ydOvz:E39UwkJ+v53aA0uOVxg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2920	1932	rundll32.exe	81
PID 1932 wrote to memory of 2920	1932	rundll32.exe	81
PID 1932 wrote to memory of 2920	1932	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef61047c9f289bced6b1b6f6c4aa74e1bba4df532dd86478a59809e025344601.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef61047c9f289bced6b1b6f6c4aa74e1bba4df532dd86478a59809e025344601.dll,#1
  2⤵
  PID:2920