a2e2ea0557d4cc57fb23709c6f1094002d3101e79cee6e3bc3e39eadbf31ce3c

Analysis

max time kernel
133s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:15

Target

a2e2ea0557d4cc57fb23709c6f1094002d3101e79cee6e3bc3e39eadbf31ce3c.dll
Size

160KB
MD5

20caeb3a4af2a19284f03907b5c5ce54
SHA1

fbfa560f3b91f0313506144bb0c3284636b9d66d
SHA256

a2e2ea0557d4cc57fb23709c6f1094002d3101e79cee6e3bc3e39eadbf31ce3c
SHA512

0671aed4e9f30a7bfcb0ca3c81e6d98fb35ac81090aa3c403626db63d4351b623177ec4b5df69cfe00c048e6f38298ee0dd4ca4c029ad7c5a7ca40d78fdf7229
SSDEEP

3072:BbOJ0EL7wzI+MoiCx1a1crhdOzEeEaYf+SVfxM:Bb9Lzci1a1cFdOzWF2SVfxM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3096 wrote to memory of 2452	3096	rundll32.exe	rundll32.exe
PID 3096 wrote to memory of 2452	3096	rundll32.exe	rundll32.exe
PID 3096 wrote to memory of 2452	3096	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2e2ea0557d4cc57fb23709c6f1094002d3101e79cee6e3bc3e39eadbf31ce3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3096

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2e2ea0557d4cc57fb23709c6f1094002d3101e79cee6e3bc3e39eadbf31ce3c.dll,#1
2⤵
PID:2452