ef120aea450d9a8c2aa7fabb664d01c072d4d5e0dbf19f7e58c23b673ed52eab

Analysis

max time kernel
16s
max time network
3s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 16:16

Target

ef120aea450d9a8c2aa7fabb664d01c072d4d5e0dbf19f7e58c23b673ed52eab.dll
Size

143KB
MD5

32ca5fc9ba203b8bff27ca4fe84ffd65
SHA1

fda81af69b32da6472d3f57255bdb8c7488f1603
SHA256

ef120aea450d9a8c2aa7fabb664d01c072d4d5e0dbf19f7e58c23b673ed52eab
SHA512

a0c0558f36f2b4bd09e228d83401936d2f6d827d6f09eb05a11ec6b1bb8ab12d5d4dc1efde7fa8c096f7fefbff0abd10a6fc075d39356a16ee402975407c4495
SSDEEP

3072:aO05DZe+eFLFqj8T1DA40KjpuK30OEYE+/cNKrVup3:aO05Ds++LFqj8TB7bsWTT/cNKra

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1752	1404	rundll32.exe	75
PID 1404 wrote to memory of 1752	1404	rundll32.exe	75
PID 1404 wrote to memory of 1752	1404	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef120aea450d9a8c2aa7fabb664d01c072d4d5e0dbf19f7e58c23b673ed52eab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef120aea450d9a8c2aa7fabb664d01c072d4d5e0dbf19f7e58c23b673ed52eab.dll,#1
  2⤵
  PID:1752