8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8

Analysis

max time kernel
138s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:36

Target

8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8.dll
Size

61KB
MD5

e31aa40df1b5be3487b4325b2da9bfb1
SHA1

80f65f72cf8cba22b2407d5f4c1039994b1ac7bf
SHA256

8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8
SHA512

1bfea1c4e0783bcedb7a894f63bc4a685c6e4151df8d3fbe554119931c0e1873f1d392594d39fdfc2d5bc2f42942a075f4b2dd105b4bf2bdf8d2e953af7df3bc
SSDEEP

1536:i1O18d/qFUB+GDAWCPypxQ1T5BJYBzWLgV5681ntiQ:ik1na+GsWKypxQ19kBz2gL68q

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4728	4828	rundll32.exe	80
PID 4828 wrote to memory of 4728	4828	rundll32.exe	80
PID 4828 wrote to memory of 4728	4828	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e3f11d1ee7b6e732d4157b7d66200ef2b8f664104d59469f5ea7a163e4c94f8.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728