e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:41

Target

e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll
Size

78KB
MD5

6b2ae6ac4d27eb6bc5576e9841eb85c0
SHA1

f68bdf4a9862068427e302442d4d0517e92d1467
SHA256

e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a
SHA512

30d0b36248cc33608f6a0c2d0efa9f3fe70b90a94100e81df4de72fefe54b4f00622d76f360076d27b45fce948e672f3ae1d62d4c715807dd3a6b832e86897d2
SSDEEP

1536:HKvv9jeCw6l9n+Eu2Sop32Qx43Qtu5Kxy6KP4S7k78h75OqCH2f:TSHu2Skx43QtiKQ6IV7kwh75OqCC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 4212	2040	rundll32.exe	81
PID 2040 wrote to memory of 4212	2040	rundll32.exe	81
PID 2040 wrote to memory of 4212	2040	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll,#1
  2⤵
  PID:4212