6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb

Analysis

max time kernel
104s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 10:54

Target

6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb.dll
Size

77KB
MD5

6a2bd73d66c8cf758919333cd3082430
SHA1

70ef8f930b63e0bcf71e253de7d6c5e5aa0cd35c
SHA256

6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb
SHA512

05f4335bc299831f656eb275e89cedd0ae0a4270028cabe49d0a23eb36ae53183193b0a563df13d96e4b99e88583f3b96880756d94a81ed7793d3a78407fd2d4
SSDEEP

1536:8xdfzUO04U6muNMzgxu+KqaFsJqMOCJSN1As/FPpFGVNU:uxzUUHmuNMzJ+KO83CJSNC4PpwnU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 4212	4636	rundll32.exe	81
PID 4636 wrote to memory of 4212	4636	rundll32.exe	81
PID 4636 wrote to memory of 4212	4636	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6049088fb6702ef1479edf1797f52ffad103e2304b5d6c1b5383ee44e6dad2bb.dll,#1
  2⤵
  PID:4212