aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a

Analysis

max time kernel
177s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 01:51

Target

aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a.dll
Size

32KB
MD5

33b334a8970c81622d165b857b842090
SHA1

ddadb2fecbd5112d4eafd0eaa6bd1b199280f840
SHA256

aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a
SHA512

a8b47ef783a11bb974e0547d28b6395aad9cd829118d7c0a504f8caca5bb47dc81ad0cdaa46229afaabb082de51c01600936b9443475350cd718021f67698029
SSDEEP

768:oIh6p/HSZlfvKppbJ17vyfrxOVOGKLRqMjGf:96pNppj7afryERqMjGf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3704	2056	rundll32.exe	78
PID 2056 wrote to memory of 3704	2056	rundll32.exe	78
PID 2056 wrote to memory of 3704	2056	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aed3bd605b4ac71088f72ff04cc998707654dacfc4ab5002fe127372e143a30a.dll,#1
  2⤵
  PID:3704