e2e792e96da67333e3c131f91da019978b867743e26e5ad2f1de8700a3c763de

Analysis

max time kernel
151s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 18:16

Target

e2e792e96da67333e3c131f91da019978b867743e26e5ad2f1de8700a3c763de.dll
Size

6KB
MD5

032a4c33b40c6151083ca9e83f5b288d
SHA1

9fecf5d3c55f2197ce38d73c0478f79007c27f46
SHA256

e2e792e96da67333e3c131f91da019978b867743e26e5ad2f1de8700a3c763de
SHA512

c2961b83ff4f30357d498e5223bd69f14cf91d32aa998aa04b9c9a9cb4ac50cc2e3c0fce9b9bdb155801c18a86a959c06aae15e79243d3d9f186371ab14e26bc
SSDEEP

48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC:xB4c4G6bn1k1sw0EW3enIWwGqb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3840	1428	rundll32.exe	81
PID 1428 wrote to memory of 3840	1428	rundll32.exe	81
PID 1428 wrote to memory of 3840	1428	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2e792e96da67333e3c131f91da019978b867743e26e5ad2f1de8700a3c763de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2e792e96da67333e3c131f91da019978b867743e26e5ad2f1de8700a3c763de.dll,#1
  2⤵
  PID:3840