e8d600d54ce12b3c29a65046849540f1cc1a330b4acd1712c84df9d48093bc5a

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:09

Target

e8d600d54ce12b3c29a65046849540f1cc1a330b4acd1712c84df9d48093bc5a.dll
Size

6KB
MD5

9d3a6108611af0e5495e1e4a7844c450
SHA1

5ca38b3c5e1e97b5d30d7106828ae6a5a08a617d
SHA256

e8d600d54ce12b3c29a65046849540f1cc1a330b4acd1712c84df9d48093bc5a
SHA512

4bc70b682d5dd76eee23997c34eda35e427e6b63b4921006f53fde5648e5fe21c8275cf8f70d0ed4b350993f83ca70d74fed27cf1c2d938e23632aa6bd6876ad
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROxy42KU4:YXey4274

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 3880	4520	rundll32.exe	79
PID 4520 wrote to memory of 3880	4520	rundll32.exe	79
PID 4520 wrote to memory of 3880	4520	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8d600d54ce12b3c29a65046849540f1cc1a330b4acd1712c84df9d48093bc5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8d600d54ce12b3c29a65046849540f1cc1a330b4acd1712c84df9d48093bc5a.dll,#1
  2⤵
  PID:3880