5ef2fe40403bdbff6ed32e4cfc77e9d2ec6618ea0ee2c2fa2356a70a52b69ef5

Analysis

max time kernel
276s
max time network
318s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:36

Target

5ef2fe40403bdbff6ed32e4cfc77e9d2ec6618ea0ee2c2fa2356a70a52b69ef5.dll
Size

74KB
MD5

93de72fe01ddc69cfa720d5c9ea78e41
SHA1

3869613a02ceb2bcd5774fb35c5e092958acd7b8
SHA256

5ef2fe40403bdbff6ed32e4cfc77e9d2ec6618ea0ee2c2fa2356a70a52b69ef5
SHA512

2725a4986fee4cf8cb255cb7ff2b7ca2a16c810eac2f737fa8ea4075134b2c0ac3fd720e2df0515ebb67925c2fc558c6c76b0de7ee96506167aa5e5dd7f3a36a
SSDEEP

1536:RVFuQlmWLKAR+pX9EnfqxV7AlSVOomGTQogt:TJhLKf8nStDzTQPt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 2288	3780	rundll32.exe	80
PID 3780 wrote to memory of 2288	3780	rundll32.exe	80
PID 3780 wrote to memory of 2288	3780	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ef2fe40403bdbff6ed32e4cfc77e9d2ec6618ea0ee2c2fa2356a70a52b69ef5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ef2fe40403bdbff6ed32e4cfc77e9d2ec6618ea0ee2c2fa2356a70a52b69ef5.dll,#1
  2⤵
  PID:2288