ef37d3baeaf2ae5a894db821767ef0c7465a4a7bc14ff8175854af0beff7e640

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 04:06

Target

ef37d3baeaf2ae5a894db821767ef0c7465a4a7bc14ff8175854af0beff7e640.dll
Size

220KB
MD5

1c8fed3dff1796fe6186c1d9b01763f0
SHA1

0700038584a1422521ea42279b48f06c25427e43
SHA256

ef37d3baeaf2ae5a894db821767ef0c7465a4a7bc14ff8175854af0beff7e640
SHA512

61d36a8b858b86e93e4b94ee5f4b9f11bcfa05ba7e5bdc2a0b4996f187822b444a8c8787bbef384e6c4622a14c04d7664a36aa4daf074b0c1fe2abf2e595af2e
SSDEEP

3072:GnRG7Xtr7YNIMNGp6uy+MXlNwf831HWkXqzpA0meCHwr73iPVt/bgJpN:GRq9rn+q6uy+KlNwqHGA0mzHbgx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2996	3060	rundll32.exe	79
PID 3060 wrote to memory of 2996	3060	rundll32.exe	79
PID 3060 wrote to memory of 2996	3060	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef37d3baeaf2ae5a894db821767ef0c7465a4a7bc14ff8175854af0beff7e640.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef37d3baeaf2ae5a894db821767ef0c7465a4a7bc14ff8175854af0beff7e640.dll,#1
  2⤵
  PID:2996