e4cea4c74e99f06ad99efeaba47aa756bb009aa3aeffe34f75a30219e76fa911

Analysis

max time kernel
150s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 11:15

Target

e4cea4c74e99f06ad99efeaba47aa756bb009aa3aeffe34f75a30219e76fa911.dll
Size

6KB
MD5

7994e4d364e7d8174fdfb7003c90bab0
SHA1

6aeed150f32531062ad9b0fd608f9af365733b38
SHA256

e4cea4c74e99f06ad99efeaba47aa756bb009aa3aeffe34f75a30219e76fa911
SHA512

0a4b5022c6c39cbdda963194bf2daf6b4b3da70723cd5378d8979047d3047898b415b01e535c6c67be37b24dbd34248fdbea2c68c7b0ce8e829654a55b89b308
SSDEEP

48:SsGp63gAST0cMLlD7prUlG9NzgQ2PbqZ/B2PE:VGEETrMLH5g

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 5080	4892	rundll32.exe	81
PID 4892 wrote to memory of 5080	4892	rundll32.exe	81
PID 4892 wrote to memory of 5080	4892	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4cea4c74e99f06ad99efeaba47aa756bb009aa3aeffe34f75a30219e76fa911.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4cea4c74e99f06ad99efeaba47aa756bb009aa3aeffe34f75a30219e76fa911.dll,#1
  2⤵
  PID:5080