ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 12:32

Target

ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00.dll
Size

35KB
MD5

e7c2f1455d411c47889083e9ba4cfb70
SHA1

37ae73712e294535e231d7538798e8abdfabd5a0
SHA256

ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00
SHA512

ba9d034593c3eb97f5b5d6d875e60514811bb5827b57d865d4244531e2b21923deb5f5bf4066aadb0acc67c1368cfb7f46bcd830db4bd29a778c9de83ff7ccfe
SSDEEP

768:DsihV/57AWMbOJb6EAK17h0h4mNiOqhskdRa+Lsg:DsiL/57AEJuY7h0h4XhskdRa+Lr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 5012	4872	rundll32.exe	80
PID 4872 wrote to memory of 5012	4872	rundll32.exe	80
PID 4872 wrote to memory of 5012	4872	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebdb3e043f15b65b491cbdc0186b923a67a21acc5bc2f42b57a1769d6dba8a00.dll,#1
  2⤵
  PID:5012