aa2dde9e8c85b387267d9983c1612b08f73b164df203d2494f585fd9c1089bd4

Analysis

max time kernel
232s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20221111-es
resource tags

arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
28/12/2022, 09:50

Target

libeay32.dll
Size

672KB
MD5

22406724020c56b6e811183d1adcf814
SHA1

df52dd2b19572d66fb2f01a28ea67d26b1e3e909
SHA256

141bf90fa9fa40c37580ed13f24dcf495b87004dffc985967c068ee2d81f3d11
SHA512

8a389202fcb9e0d7b80f6ac0b55bf117a458afeaba67b1c55fbf8586150b8bbc413464ee354b37608be9c92f5c6d6b32901dbba91a573288fc4effe5c265ecca
SSDEEP

6144:/qrjPneNWKeJanfd63dZ9AFrEV/Wa0CsgesAFEL8iD0LaT7HNaOVql+9rUpz6tuG:/kjPeNWK1E9AFE0sJn2GTVtmMey

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2300	2412	rundll32.exe	81
PID 2412 wrote to memory of 2300	2412	rundll32.exe	81
PID 2412 wrote to memory of 2300	2412	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libeay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libeay32.dll,#1
  2⤵
  PID:2300