a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231

Analysis

max time kernel
134s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:07

Target

a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231.dll
Size

41KB
MD5

cc6d2f0d3e2982be8d1f37bb276e41a6
SHA1

a0d7993f265d19c0cd91070d68d84a24ee41a493
SHA256

a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231
SHA512

cea88dcdf6b6da2c894e234628d49784977de66bfbebe6b490195d622dceeac245d88b3ff429b3b6b0297e4db9bdde10e14a3b4278e8b2e1850f811bef9da67f
SSDEEP

768:SCpqFQtwmjmx+0jp61c4O99Yr3zhv8TUJmHps04BtzXBGkG+I8x:1pqFQVCNVdrYr3eUk8Vxa+Jx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2812 wrote to memory of 4732	2812	rundll32.exe	rundll32.exe
PID 2812 wrote to memory of 4732	2812	rundll32.exe	rundll32.exe
PID 2812 wrote to memory of 4732	2812	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2812

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6a5e2013a470559de3f7c755acedcc1088c3824cae778d6c8c76c16b22fe231.dll,#1
2⤵
PID:4732