2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2

Analysis

max time kernel
87s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 21:06

Target

2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2.dll
Size

28KB
MD5

bc670ecaa216bfdc1abce3745cde34e0
SHA1

7582f19eebb3fce5beb7490c348f4fa2410b94e6
SHA256

2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2
SHA512

75f97717b1d196bec7f89103b9ad41fa04d1255694de8d0475e33be270a54f461c86671fe5c9ffd2f038ef7e617b5499fa251d9337942b9e4a826efad17814b2
SSDEEP

384:KiW2/S8CHPw7Im5ajszMY/7mjA3/OpUP/lfe:0b8IO/u6/O+P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 3136	2448	rundll32.exe	80
PID 2448 wrote to memory of 3136	2448	rundll32.exe	80
PID 2448 wrote to memory of 3136	2448	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fb7efb58f5d492178dd6b7d1376ad2499525e852212e657908cb09d088138f2.dll,#1
  2⤵
  PID:3136