edf2699e3276340ecf9cbce7dfa0e30b6743a9cf0c5ab7c5dbfe8fec98204d77

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 23:18

Target

edf2699e3276340ecf9cbce7dfa0e30b6743a9cf0c5ab7c5dbfe8fec98204d77.dll
Size

4.4MB
MD5

ef273a5a0837446b06ac5dd874ac4fe6
SHA1

f87c806f5844d925d546e26e7b433a1992ef3f84
SHA256

edf2699e3276340ecf9cbce7dfa0e30b6743a9cf0c5ab7c5dbfe8fec98204d77
SHA512

4ee4b4274beb3246174c80187f3a26d30073f10c7894f724757d4551a43b5dbaf03a1c02f76355b236544f920f0af4441a4613f0902893c8989e510ae1c9083e
SSDEEP

49152:kOWGFmxz8S2gq3xgB4Q1rluqwvu8C3nCuiQ5qSXV5XZlyl3atS059dd:HWGFmiS2rgB4Q1r4zQ3l1SZ05

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 848	3772	rundll32.exe	82
PID 3772 wrote to memory of 848	3772	rundll32.exe	82
PID 3772 wrote to memory of 848	3772	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\edf2699e3276340ecf9cbce7dfa0e30b6743a9cf0c5ab7c5dbfe8fec98204d77.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\edf2699e3276340ecf9cbce7dfa0e30b6743a9cf0c5ab7c5dbfe8fec98204d77.dll,#1
  2⤵
  PID:848