dd6ad4a99b065c1d95ce5b5167c8d24c8ab82f2ef9f24b1c118c0211f6bc895f

Resubmissions

03-08-2023 21:49

03-08-2023 21:43

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 21:43

Target

ssleay32.dll
Size

330KB
MD5

284e004b654306f8db1a63cff0e73d91
SHA1

7caa9d45c1a3e2a41f7771e30d97d86f67b96b1b
SHA256

2d11228520402ef49443aadc5d0f02c9544a795a4afc89fb0434b3b81ebdd28c
SHA512

9c95824a081a2c822421c4b7eb57d68999e3c6f214483e0f177e1066fe3c915b800b67d2008181c954ad0403af0fa1ade3e4ea11d53ab7e13f4a3def9f89cf4f
SSDEEP

6144:HZcUmTisWdw0HCXs2r84u5B//+AN7tpkKFsh1TW1Q4PQgu/7r2cEfXKrryAdH/8m:HZcUmGsWdw0HCXs2rdu5B/WAN7rkKFol

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3676	404	rundll32.exe	85
PID 404 wrote to memory of 3676	404	rundll32.exe	85
PID 404 wrote to memory of 3676	404	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ssleay32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ssleay32.dll,#1
  2⤵
  PID:3676