2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15

Analysis

max time kernel
501s
max time network
503s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/10/2022, 05:53

Target

2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15.dll
Size

530KB
MD5

03c67d5ff82572582a5722a7b34dada5
SHA1

3dc55010ee44a42de0fbad40a1671c3b7af8aff2
SHA256

2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15
SHA512

0b477f9c703fd8ed3d5f6a7ce3824638ee7c754963e5ed7bbff9e5eb10f2982870b8c7f718d54bdcecccb20662bfa8b7e8fbf4dc42aff73d4365599670ff2425
SSDEEP

6144:NQgf32Okc+tMGWlhcL9BxgZB8gYFkCRmE2CXLp0MC3eGzm5KkC82W3pjJSHAtKka:egfp+tAcL9fhjFs3CY7+KkCC5JSlkna

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1796	1260	rundll32.exe	38
PID 1260 wrote to memory of 1796	1260	rundll32.exe	38
PID 1260 wrote to memory of 1796	1260	rundll32.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15.dll,#1
  2⤵
  PID:1796