6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e

Analysis

max time kernel
146s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 17:33

Target

6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e.dll
Size

692KB
MD5

8510a055c905370d30adec4e7a3c6270
SHA1

b27027bddbcaa6978809d6779a42905d51e1aae6
SHA256

6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e
SHA512

60ed2f6386bed3ce67bf673c3ebe9867031b4fe06a1d9e34a0d9305e298d8494b419833ac6943dcf3abf4b4a8b1dd1d664b9b8149a17e308a1ee7fd668f2cbfd
SSDEEP

12288:oD6/eg58EEPEec/027NGqcDrbQUw31/KyLaM+QJt7/OboCDVyJ1tW0Y50QdQX:5yEXwoayJ17YOX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 5060	4244	rundll32.exe	81
PID 4244 wrote to memory of 5060	4244	rundll32.exe	81
PID 4244 wrote to memory of 5060	4244	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf8bb4a0a4e27482d6c4a97dbb2430be5e887b6703378be485cc168ba53326e.dll,#1
  2⤵
  PID:5060

memory/5060-133-0x0000000010000000-0x00000000100AE000-memory.dmp

Filesize
696KB

Download