e212f6aecb23e91988c02160017bc00afeee0bb43a0a42643fc4176a0e140fd7

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 01:50

Target

e212f6aecb23e91988c02160017bc00afeee0bb43a0a42643fc4176a0e140fd7.dll
Size

4KB
MD5

e9902689ff49ac6e7d4f7c80a8ee4090
SHA1

0870544017d717f164ff84c5d5dd4115d195e53c
SHA256

e212f6aecb23e91988c02160017bc00afeee0bb43a0a42643fc4176a0e140fd7
SHA512

e51dcd06af0cb8c0062b15216ec6edfa6b215697049fcf7e70e80de0324c027845cf52b0f5b3b465a584fdc3eba894a5aec6b42313dc4fa5a41c2ad91c735f29
SSDEEP

48:SWkO0IoyTnXz+ihZjokB/mCZsEyhRH12sd9MM2OMy68:ZJTnXzvokFZryh5gfZy68

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2320	4788	rundll32.exe	81
PID 4788 wrote to memory of 2320	4788	rundll32.exe	81
PID 4788 wrote to memory of 2320	4788	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e212f6aecb23e91988c02160017bc00afeee0bb43a0a42643fc4176a0e140fd7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e212f6aecb23e91988c02160017bc00afeee0bb43a0a42643fc4176a0e140fd7.dll,#1
  2⤵
  PID:2320