6d84cf1f66499bf95af493dc70a7b3b6e4b265b84e1655f5c211fc9674e0751c

Analysis

max time kernel
118s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 04:21

Target

6d84cf1f66499bf95af493dc70a7b3b6e4b265b84e1655f5c211fc9674e0751c.dll
Size

60KB
MD5

44d4a85e68bc022c46b22e07825cb5d0
SHA1

010418cd96bb7b0476979f3d5a04e959273edff4
SHA256

6d84cf1f66499bf95af493dc70a7b3b6e4b265b84e1655f5c211fc9674e0751c
SHA512

8e00fffc600ce9d25efe685d697bfb8037ec71455c849d8f9eff84273ef3ceb0662bd0badb1cc2263124fbc0b6a481910264b7edb2ea5093f39bbc4e509e247e
SSDEEP

1536:mPO6KEVbsVP0gcZGIcGmFXWY0uK2+0NkwEMCfLLP4g15ZqLe1Wrjr:cMEVbsVc3pcBs8+6E9LQgDZYe0r3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 676 wrote to memory of 4972	676	rundll32.exe	82
PID 676 wrote to memory of 4972	676	rundll32.exe	82
PID 676 wrote to memory of 4972	676	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d84cf1f66499bf95af493dc70a7b3b6e4b265b84e1655f5c211fc9674e0751c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d84cf1f66499bf95af493dc70a7b3b6e4b265b84e1655f5c211fc9674e0751c.dll,#1
  2⤵
  PID:4972