ef60ecb8cbe1019342f739a7a8e019c9589a15606fe3a0fbdf93906307abd0c6

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 11:37

Target

ef60ecb8cbe1019342f739a7a8e019c9589a15606fe3a0fbdf93906307abd0c6.dll
Size

376KB
MD5

93c03fbb59f90ed40133eb17e5e776b8
SHA1

0214e4eec002929f351c74ebc0d2ba929c738396
SHA256

ef60ecb8cbe1019342f739a7a8e019c9589a15606fe3a0fbdf93906307abd0c6
SHA512

95c4158e3db84d84f2fd5197a13c7d596d44cf57da2aee22c85e1de3129d9fe91851aed5442fdfe2dfa1a2167e08867c86c6e0d4778952c6b6f9e61d9d7ed8e9
SSDEEP

6144:L5uFxmHWwZj7b3TRiJopI9jMDP2SXvBzP6f+WXsQS3nsgZOwMCd:WNgoJopI9jMDPwzgNMCd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 2372	372	rundll32.exe	87
PID 372 wrote to memory of 2372	372	rundll32.exe	87
PID 372 wrote to memory of 2372	372	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef60ecb8cbe1019342f739a7a8e019c9589a15606fe3a0fbdf93906307abd0c6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef60ecb8cbe1019342f739a7a8e019c9589a15606fe3a0fbdf93906307abd0c6.dll,#1
  2⤵
  PID:2372