6dfecb2e4e59180a016c849242d6e52686f19196d05241079cc2150a4e4c1838

Analysis

max time kernel
121s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 23:24

Target

6dfecb2e4e59180a016c849242d6e52686f19196d05241079cc2150a4e4c1838.dll
Size

36KB
MD5

24c0b97981920825fa9d0dad5771a124
SHA1

897776d8fb8e67886ed21959efe5872b6b9ea710
SHA256

6dfecb2e4e59180a016c849242d6e52686f19196d05241079cc2150a4e4c1838
SHA512

2ff46f8b2c92d12ea6ed6cbd595cab1e295daa7ca1435cf2e8aa4a08d3ed5b18800cd966f59ec4bdd925f90b30317025e3bfb182f37355012f0ca58cb16cae06
SSDEEP

768:uldjeazLJ73PSindj9tuVqFqH7Pdvlr5hCD8ROjMV:ujjeUJ73PRtuVq67F9lQgROji

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 1924	3176	rundll32.exe	83
PID 3176 wrote to memory of 1924	3176	rundll32.exe	83
PID 3176 wrote to memory of 1924	3176	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6dfecb2e4e59180a016c849242d6e52686f19196d05241079cc2150a4e4c1838.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6dfecb2e4e59180a016c849242d6e52686f19196d05241079cc2150a4e4c1838.dll,#1
  2⤵
  PID:1924