ecd311e36b7ce1e939b34ee6d31f4f0eab62caaa2df1dbd13a7772fefa83b6cf

Analysis

max time kernel
91s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:08

Target

ecd311e36b7ce1e939b34ee6d31f4f0eab62caaa2df1dbd13a7772fefa83b6cf.dll
Size

152KB
MD5

75e29124466e24b9da02ed554d1c3ee6
SHA1

96ac2ba40b58a6f15feedf3ae2b563d2831ed571
SHA256

ecd311e36b7ce1e939b34ee6d31f4f0eab62caaa2df1dbd13a7772fefa83b6cf
SHA512

1bc8bf59d431cb50737e8017eb1f9ba343b993d7dc6e6346f18bcd061771b7ba61a7de2703cbbefca029141ad257b9eac41192a4ef38423d4593f6dede8a57c1
SSDEEP

1536:ifcIfMI7IjkuvfZ/AuwdcLN3KybbUm8odCwPXkdrNYVWmCcno7GBTAcsqd1BUb:iEfU8xvfGdo3KAFgdrNYVWfcPAs2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3852	4864	rundll32.exe	80
PID 4864 wrote to memory of 3852	4864	rundll32.exe	80
PID 4864 wrote to memory of 3852	4864	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecd311e36b7ce1e939b34ee6d31f4f0eab62caaa2df1dbd13a7772fefa83b6cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecd311e36b7ce1e939b34ee6d31f4f0eab62caaa2df1dbd13a7772fefa83b6cf.dll,#1
  2⤵
  PID:3852

memory/3852-133-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download