f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e

Analysis

max time kernel
134s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:56

Target

f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll
Size

11KB
MD5

2797a8300657cfbdd5bf81a9b3c3cbe8
SHA1

8fd231eca4da2514bb372d0e1c9da480d13382de
SHA256

f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e
SHA512

82bec7d163e36dc0f2127586db182cbc64fea11990efa607758ea05e09c2289335c5be9ce6b7a7ce4ff54c459bf7177a271029e83c31e7044740f1d595699f5f
SSDEEP

192:RRuKUt5m3v7JEveUCKG85Lxzbu9jvMl2N98MgK3dU0c/uhYhALq4hoxkTinfR14c:/uKTjJdSGILxuZ5Nntc/uecqqk5fR1AM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4236 wrote to memory of 4120	4236	rundll32.exe	rundll32.exe
PID 4236 wrote to memory of 4120	4236	rundll32.exe	rundll32.exe
PID 4236 wrote to memory of 4120	4236	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4236

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll,#1
2⤵
PID:4120

memory/4120-135-0x0000000000000000-mapping.dmp

Download
memory/4120-136-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download