e49e80d8a673536c5b6f78681ff0cd35ee566a27bcde5d8a71e98870a0c0be51

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 13:57

Target

e49e80d8a673536c5b6f78681ff0cd35ee566a27bcde5d8a71e98870a0c0be51.dll
Size

557KB
MD5

053e45a9191be037bb30fdbd9c1a43d8
SHA1

f102aa4829f4ed391e5d8911e808fc2ea2d45bc4
SHA256

e49e80d8a673536c5b6f78681ff0cd35ee566a27bcde5d8a71e98870a0c0be51
SHA512

57403b63e314035104a1e796ff0b3caab0482857fbc15702177da90cd42cc11eacfccb0ca617ac144a120322e071c7305b15127035cbf402bea6db890d368748
SSDEEP

6144:gRieAYJuYDIy1ATSxRM8fTuzoiFIhR5PeGaDFPzdb1Z1967r05yKfUDb69i7FOLQ:gRieJJm4uSxyyjiIXsPzdbxUfsw2dAH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2992	2988	rundll32.exe	80
PID 2988 wrote to memory of 2992	2988	rundll32.exe	80
PID 2988 wrote to memory of 2992	2988	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e49e80d8a673536c5b6f78681ff0cd35ee566a27bcde5d8a71e98870a0c0be51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e49e80d8a673536c5b6f78681ff0cd35ee566a27bcde5d8a71e98870a0c0be51.dll,#1
  2⤵
  PID:2992

memory/2992-133-0x0000000002150000-0x00000000021DF000-memory.dmp

Filesize
572KB

Download
memory/2992-137-0x00000000020D0000-0x000000000214B000-memory.dmp

Filesize
492KB

Download