5e82c2daaf9c6b98a5e933c6bfe64f12dc1faafbeef8b427d5fd3c7ee3e08010

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 22:37

Target

5e82c2daaf9c6b98a5e933c6bfe64f12dc1faafbeef8b427d5fd3c7ee3e08010.dll
Size

12KB
MD5

586a113aef689ddb9334302e3607e120
SHA1

a9b3d07679f47d44c89c05f1b9334e44b53a3315
SHA256

5e82c2daaf9c6b98a5e933c6bfe64f12dc1faafbeef8b427d5fd3c7ee3e08010
SHA512

66e398a88db77101a694c68aae35f4338ad54f1dd97e48571375f6f91009482f626b41ef9309d37587bd483cf2cfee5bf4dc818e8c457996c51af47a6f82ca96
SSDEEP

192:JVABzgLCz29324TSGhFS1zlCAH2sRHvXcT8ddo/M9cU7+wKl:bAB142wSGhUqAHxSMoU9VO

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\cq30503.Fe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1260	1992	rundll32.exe	82
PID 1992 wrote to memory of 1260	1992	rundll32.exe	82
PID 1992 wrote to memory of 1260	1992	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e82c2daaf9c6b98a5e933c6bfe64f12dc1faafbeef8b427d5fd3c7ee3e08010.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e82c2daaf9c6b98a5e933c6bfe64f12dc1faafbeef8b427d5fd3c7ee3e08010.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:1260