2ebd0d4d9aa2598ea0e11e02f3fcdeb6c6d179ef41fa20f856915769a88eea23

Analysis

max time kernel
64s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:36 UTC

Target

2ebd0d4d9aa2598ea0e11e02f3fcdeb6c6d179ef41fa20f856915769a88eea23.dll
Size

5KB
MD5

6336fe36f4aefbcf55f9d7764ed6b740
SHA1

fb135b9ced0f11d05dcdb0d776086c021a2a5f6c
SHA256

2ebd0d4d9aa2598ea0e11e02f3fcdeb6c6d179ef41fa20f856915769a88eea23
SHA512

59087ed4a0bdc3939c34dab3dd40e7d0c36032e6d78f75c0ca7c72f499193eaccd8c0039d4db04fd264be3e1a31bab5be855150d2b18e8b1d5d794fcd2d1a0d6
SSDEEP

96:XprYDpKnI6wJ+Ls7guyHejyn/I9l0iaiHzAilO:XUcA+ggd+W/If0ixzAik

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2148	2928	rundll32.exe	81
PID 2928 wrote to memory of 2148	2928	rundll32.exe	81
PID 2928 wrote to memory of 2148	2928	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ebd0d4d9aa2598ea0e11e02f3fcdeb6c6d179ef41fa20f856915769a88eea23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ebd0d4d9aa2598ea0e11e02f3fcdeb6c6d179ef41fa20f856915769a88eea23.dll,#1
  2⤵
  PID:2148