e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db

Analysis

max time kernel
124s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 01:53

Target

e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll
Size

91KB
MD5

267e8b31ccfe39e5242839bfd3996d18
SHA1

4afb41e7cc279413e3b71c5616ae64190546f714
SHA256

e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db
SHA512

106bbaf10d65c733c116838feafb81ca82f1a49e91cb5ca394ace56a150e02ef1b5085f1f921336faa7fd1d3c8d51584313e2b478f65687775c3ce539c0d6b76
SSDEEP

1536:/0qXQb7/Faistv9os2FM4ohv4lJcFwcqpxWjxNGHHAMWaxt5Z8JtP:7A7/siCvoFHohv4ewPpYjzGHHzWaxLOf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4264	5052	rundll32.exe	82
PID 5052 wrote to memory of 4264	5052	rundll32.exe	82
PID 5052 wrote to memory of 4264	5052	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll,#1
  2⤵
  PID:4264