efd2f22473e8abbd1a67247fdd23163669354849365d896c3b8989b89a0c757e

Analysis

max time kernel
95s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 12:03

Target

efd2f22473e8abbd1a67247fdd23163669354849365d896c3b8989b89a0c757e.dll
Size

440KB
MD5

b86fc017e6960069fc36d9b7b96e1dc0
SHA1

035f122db6f1d78d1f37f17119f789c334befcf8
SHA256

efd2f22473e8abbd1a67247fdd23163669354849365d896c3b8989b89a0c757e
SHA512

6bfc04d4f7f355826044c35f3048aad884b6c2d3ca6f3785dbc1bd9f7bcd1e8ab96f30a3f3c92e87a182e908a0d3c531c32ba9efbac318dd9854c44f64a96bce
SSDEEP

6144:hCLILzU/mg1AV+qhBodU6hgMMQj9FegLn8CG4I8nzLE64FnfslzfnSKhH:hCwdg+hBodU6mML9Fege4I02fqzv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 5076	5060	rundll32.exe	81
PID 5060 wrote to memory of 5076	5060	rundll32.exe	81
PID 5060 wrote to memory of 5076	5060	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\efd2f22473e8abbd1a67247fdd23163669354849365d896c3b8989b89a0c757e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\efd2f22473e8abbd1a67247fdd23163669354849365d896c3b8989b89a0c757e.dll,#1
  2⤵
  PID:5076