eccb0c2eeb8c7f3bd74f52ff62163dcfb046d1ba08e84fd63a986b65feba5ab2

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 07:49

Target

eccb0c2eeb8c7f3bd74f52ff62163dcfb046d1ba08e84fd63a986b65feba5ab2.dll
Size

3.1MB
MD5

e594ee84d0df187145ca86e17a4d1844
SHA1

2c96f78e45a2ce1d366f00aa819d6081da9f63dc
SHA256

eccb0c2eeb8c7f3bd74f52ff62163dcfb046d1ba08e84fd63a986b65feba5ab2
SHA512

b709e7f88a0a47d1ab29516f87c1975e2c72eb232db2db88c5b76cb61f04cace6a4ada69d7189bde0c19f08167caeee50f6e1ea488b5e9ecf884f6401fa936f9
SSDEEP

49152:8F3bRHvPOsPrTde6Vae6AiZLkrzSQj6LtOa1JpflJA+n8y1kpSYDedT+vpl7O+y9:KN+Pe6AidkrWQjQ1/dmc8y2LDedsl7o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 776 wrote to memory of 4560	776	rundll32.exe	rundll32.exe
PID 776 wrote to memory of 4560	776	rundll32.exe	rundll32.exe
PID 776 wrote to memory of 4560	776	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eccb0c2eeb8c7f3bd74f52ff62163dcfb046d1ba08e84fd63a986b65feba5ab2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eccb0c2eeb8c7f3bd74f52ff62163dcfb046d1ba08e84fd63a986b65feba5ab2.dll,#1
2⤵
PID:4560