6bb05289aba3956f6990f8d05060b901fb6ef27e23fc558a45467a939469bbc0

Analysis

max time kernel
139s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:36

Target

6bb05289aba3956f6990f8d05060b901fb6ef27e23fc558a45467a939469bbc0.dll
Size

61KB
MD5

6788568a9e8ed3b26a2c254a16cd612f
SHA1

0809e173688c591dfbaaadec2f129eb0b9cda649
SHA256

6bb05289aba3956f6990f8d05060b901fb6ef27e23fc558a45467a939469bbc0
SHA512

bc9442b493ef4b246bcaa281c82a6703bae71f594ddd424b219453c1c44f6bb2d4d7db05a4ab9c5bea7d7171a6d58358f7bbe06cd8f1761b278e7f1ed1e57f80
SSDEEP

768:z3OHS8KOzs2dqA6LnXrp1OFbaV67DXkbYJzgnuChVvGeDND6oBXYWtW4VShR9N0y:yHZQAqASXrPVMDXMuotDLqWV2TKy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 4868	4764	rundll32.exe	82
PID 4764 wrote to memory of 4868	4764	rundll32.exe	82
PID 4764 wrote to memory of 4868	4764	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bb05289aba3956f6990f8d05060b901fb6ef27e23fc558a45467a939469bbc0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bb05289aba3956f6990f8d05060b901fb6ef27e23fc558a45467a939469bbc0.dll,#1
  2⤵
  PID:4868