e452ac13670cd4a780b640fb7764e1588e6093c44adc2441921fe6cb74a2ee82

Analysis

max time kernel
90s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 13:08

Target

e452ac13670cd4a780b640fb7764e1588e6093c44adc2441921fe6cb74a2ee82.dll
Size

56KB
MD5

55faf3310c6b3fcdf737d2145efe46f0
SHA1

24fc1c5a682098288950564eaf1a2c5c708eb974
SHA256

e452ac13670cd4a780b640fb7764e1588e6093c44adc2441921fe6cb74a2ee82
SHA512

9bb2da364b593376565bf7312354f40a252cdb421cf55b99a1aff3ec759a399ee4f7d4cb5e0f065a279f0e885f1a0936467488b26d6ce07bd113ff988dac1674
SSDEEP

768:x9tYNOaJuEGoB6Qu3WtzqUM1S7+TPGu9UNzy4s3DcPOwXcViBQzGwEKyTbN5s2IC:xANOMB6X3W1qP1OfxwmOwXckuSL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3256	4440	rundll32.exe	79
PID 4440 wrote to memory of 3256	4440	rundll32.exe	79
PID 4440 wrote to memory of 3256	4440	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e452ac13670cd4a780b640fb7764e1588e6093c44adc2441921fe6cb74a2ee82.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e452ac13670cd4a780b640fb7764e1588e6093c44adc2441921fe6cb74a2ee82.dll,#1
  2⤵
  PID:3256

memory/3256-133-0x0000000075650000-0x000000007565E000-memory.dmp

Filesize
56KB

Download