ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf

Analysis

max time kernel
180s
max time network
230s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 01:28

Target

ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll
Size

5KB
MD5

301fa924abb9fa0063aa8d711ff66f40
SHA1

ca293f5b638c63f989fdeb6d5b8495c82e7b7b20
SHA256

ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf
SHA512

536cdc8e62040df1c4e9f74f51ab6e16e8fa36742db212871973b8566c4e74fe78a63fb33e91aba44b9d2e822301732aad4bf16f145bdad2e912ad707e45a852
SSDEEP

96:nEY2RrF1eqwi4o9zTHs1Bg1e6/B2uHePW5XXbx:EHRh1eppodTMg1sDO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 3576	1160	rundll32.exe	44
PID 1160 wrote to memory of 3576	1160	rundll32.exe	44
PID 1160 wrote to memory of 3576	1160	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll,#1
  2⤵
  PID:3576