e55aab929b409e7d26c9687d9d0bbc453af88ac525a01665205a8b7cbb23b512

Analysis

max time kernel
176s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 21:06

Target

e55aab929b409e7d26c9687d9d0bbc453af88ac525a01665205a8b7cbb23b512.dll
Size

282KB
MD5

a23e1157981e6190401c4ec8f489b576
SHA1

7d4a2a4de329c59b5c0d35ca39496e0c03e9a212
SHA256

e55aab929b409e7d26c9687d9d0bbc453af88ac525a01665205a8b7cbb23b512
SHA512

3733d35a7252b46db7ca9c4b2a00b1ac2e4725f259e24ce2edbd70237a70478ba98fa83c8ec9d6eae830a93548c76dc657994a1670472830d5cdcb1e5b57545b
SSDEEP

6144:q08+vTVPM4ki0f+Tw7YEapFsfE8VsTl8daqFEDnm:y+K4EWcsgfbVsT8FEL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 4364	2696	rundll32.exe	78
PID 2696 wrote to memory of 4364	2696	rundll32.exe	78
PID 2696 wrote to memory of 4364	2696	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e55aab929b409e7d26c9687d9d0bbc453af88ac525a01665205a8b7cbb23b512.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e55aab929b409e7d26c9687d9d0bbc453af88ac525a01665205a8b7cbb23b512.dll,#1
  2⤵
  PID:4364

memory/4364-133-0x0000000074B10000-0x0000000074B59000-memory.dmp

Filesize
292KB

Download
memory/4364-134-0x00000000005A0000-0x00000000005AF000-memory.dmp

Filesize
60KB

Download
memory/4364-135-0x00000000005B0000-0x00000000005BE000-memory.dmp

Filesize
56KB

Download