e37fdef8d4aec877fd994ea5fceefb35dd10c9bc5a206797b3eba3c7b3063bb2

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 00:57

Target

e37fdef8d4aec877fd994ea5fceefb35dd10c9bc5a206797b3eba3c7b3063bb2.dll
Size

7KB
MD5

3a56ec9edf1ccca3e32eaafe7b1e35d0
SHA1

4b731900d7fcd46c0092bf436cf237262029da78
SHA256

e37fdef8d4aec877fd994ea5fceefb35dd10c9bc5a206797b3eba3c7b3063bb2
SHA512

a4378db3e0dd6b455342f9c1a04616aa7a5f6f74c53bc93bc75f3b0312e9971de298a0b7f5a539adbac115742595417fd4c58a58342264c39a3fd45ff828cb88
SSDEEP

96:z0dpglt6eGE0wYX7iH8HqlFRoHc047+UR98fF:/x0o6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 560	4956	rundll32.exe	81
PID 4956 wrote to memory of 560	4956	rundll32.exe	81
PID 4956 wrote to memory of 560	4956	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e37fdef8d4aec877fd994ea5fceefb35dd10c9bc5a206797b3eba3c7b3063bb2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e37fdef8d4aec877fd994ea5fceefb35dd10c9bc5a206797b3eba3c7b3063bb2.dll,#1
  2⤵
  PID:560