6f11640720eb5ab382bf05cfd5edfe2890b0a3ea7855fd7f2ef70607c7493f25

Analysis

max time kernel
137s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 07:25

Target

6f11640720eb5ab382bf05cfd5edfe2890b0a3ea7855fd7f2ef70607c7493f25.dll
Size

360KB
MD5

6f5a9d822dddb6e9d034567c77226b42
SHA1

19bf6b97f197edef98ec0b7cfdf3d620559140e4
SHA256

6f11640720eb5ab382bf05cfd5edfe2890b0a3ea7855fd7f2ef70607c7493f25
SHA512

4ae39f52c656664f5f614b9d6d5060fb791af262e924fd77cf0a946b1e544b55bfad1aa3852497cf1c3f6db27532ac1028d65731a3a2f60c1f9a510a7e2c1bde
SSDEEP

6144:bwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:EkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4808	4868	rundll32.exe	81
PID 4868 wrote to memory of 4808	4868	rundll32.exe	81
PID 4868 wrote to memory of 4808	4868	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f11640720eb5ab382bf05cfd5edfe2890b0a3ea7855fd7f2ef70607c7493f25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f11640720eb5ab382bf05cfd5edfe2890b0a3ea7855fd7f2ef70607c7493f25.dll,#1
  2⤵
  PID:4808

memory/4808-134-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download
memory/4808-135-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download