ae6eaa94c0962bdc3ae856029303eba956c2eb50df97335ea90405560a11ed27

Analysis

max time kernel
106s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2022 14:30

Target

ae6eaa94c0962bdc3ae856029303eba956c2eb50df97335ea90405560a11ed27.dll
Size

2.4MB
MD5

d6690be1057ed2e59e85d9eb7d085811
SHA1

d1210f9d3bbd99531ab300c38349db14dc5acf71
SHA256

ae6eaa94c0962bdc3ae856029303eba956c2eb50df97335ea90405560a11ed27
SHA512

ff3fe848caf52b1a737b7fb98f0bc82bb64b4774b4f48feb8e75c02b3fff6004aa5357a8dbbbf80e2915023d1880b8db698dfa17168249ff9024499b8dcebfd3
SSDEEP

24576:Kv5Jt1rMbZ3A2t2TX3FJwBQBVAAJo1Vj90EdzyVhBwSELgVqjz+AnC4z7tM1uvMY:GMbZ3AREko1chGSzVGD7tMwU5T6YxZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1780 wrote to memory of 1504	1780	rundll32.exe	rundll32.exe
PID 1780 wrote to memory of 1504	1780	rundll32.exe	rundll32.exe
PID 1780 wrote to memory of 1504	1780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6eaa94c0962bdc3ae856029303eba956c2eb50df97335ea90405560a11ed27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6eaa94c0962bdc3ae856029303eba956c2eb50df97335ea90405560a11ed27.dll,#1
2⤵
PID:1504