ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e

Analysis

max time kernel
103s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:02

Target

ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e.dll
Size

269KB
MD5

c0bfc2c1897a9d23e86548fbb44987e9
SHA1

e826af97517d0509de2903ddaf87d1f4bf5f1a89
SHA256

ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e
SHA512

571c46d9b6f09458818c8ffb23485b05d58f5a09f8873d82876ab8174f1575ed0c7c3e149a57c9599ce3d7afbcb9a1194de2b2b867b9478a8a1c5c0a3775e319
SSDEEP

6144:OMrykYAuCX1IJ3Go0HmhAhh9XQT3V/yZYgYte36cjOHb:TzYAukoOwy1FTDqH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2404	2232	rundll32.exe	83
PID 2232 wrote to memory of 2404	2232	rundll32.exe	83
PID 2232 wrote to memory of 2404	2232	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef9df327518f83affbe757474caea3b922c851e7e3c05b18d6a721ddc5be860e.dll,#1
  2⤵
  PID:2404