f006dc8144b3257b61cb5f6d9c0d8469192b5075672558f93e765fe605d804e7

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 11:15

Target

f006dc8144b3257b61cb5f6d9c0d8469192b5075672558f93e765fe605d804e7.dll
Size

652KB
MD5

1bb37dd554036c067dee776ec1c33306
SHA1

fb3a590156367522622da6622d92427e4d9d48a1
SHA256

f006dc8144b3257b61cb5f6d9c0d8469192b5075672558f93e765fe605d804e7
SHA512

fa5deb527ef66134f4638ef4c9241adf55cf878f3f3e65c40b7f2624d80510a7d691af9e2c218a6bcd374b93afe2a596c4cf5d8b52ff9853c22a1d67dfe44a7b
SSDEEP

12288:k5sCCcX17J+2KLRq+Kg71VqwsBb1qVBQWHBTDtSYa0ZbtonAyKa7a:VCCcC3U+Kg71Iw+1ETxa0ZOARaW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 856	1212	rundll32.exe	85
PID 1212 wrote to memory of 856	1212	rundll32.exe	85
PID 1212 wrote to memory of 856	1212	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f006dc8144b3257b61cb5f6d9c0d8469192b5075672558f93e765fe605d804e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f006dc8144b3257b61cb5f6d9c0d8469192b5075672558f93e765fe605d804e7.dll,#1
  2⤵
  PID:856