ffef699a5eadaa755a72bbfbdcc25aa3aea4ef5a079ea8212f70e69753a1c054

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 10:39

Target

ffef699a5eadaa755a72bbfbdcc25aa3aea4ef5a079ea8212f70e69753a1c054.dll
Size

32KB
MD5

41e853b21178de8182905d4aaebf49b3
SHA1

5b084a908bd3c62f5c75a517e1c86337f204d2d8
SHA256

ffef699a5eadaa755a72bbfbdcc25aa3aea4ef5a079ea8212f70e69753a1c054
SHA512

e61f9c268ab89296c655b5d0b37e93335e31b6d1b3d3f9fae28613c5f82fb3af86c81762374b68edfcf6d2da9d09dc75be6fd4e63efe43239c5976d5bac90c0c
SSDEEP

384:kp3Djv9NYwKEZwAETtPR9eLi4bpA5E77qDE7h70prlawgJFJfegYCRLGz:o3fGMXaILzb+E7qEF70NlhCDWglRyz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 3884	4948	rundll32.exe	81
PID 4948 wrote to memory of 3884	4948	rundll32.exe	81
PID 4948 wrote to memory of 3884	4948	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffef699a5eadaa755a72bbfbdcc25aa3aea4ef5a079ea8212f70e69753a1c054.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffef699a5eadaa755a72bbfbdcc25aa3aea4ef5a079ea8212f70e69753a1c054.dll,#1
  2⤵
  PID:3884