6680423c866212b090b6ddbf9403d30cb0ccac919e07f7b433751d83e8d2c44b

Analysis

max time kernel
189s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 05:10

Target

6680423c866212b090b6ddbf9403d30cb0ccac919e07f7b433751d83e8d2c44b.dll
Size

19.6MB
MD5

2215b8a90d323d9c82c3d7d03cb85a60
SHA1

240177c4bf3567ea1744fbdc2803dc5811a28113
SHA256

6680423c866212b090b6ddbf9403d30cb0ccac919e07f7b433751d83e8d2c44b
SHA512

d25c271c4b1b16e827486e61d4f351c69a9da5656aa19933e31883e9f3a2f6d287af5d0a81372153eaab3793545cb446a7c1e8a90a9e55bfe560aac0dc96ef76
SSDEEP

384:+2y6K867Tn9i6+Xiyo07PEWUJOoH8HoI0I/YD/tuSAPcWPno7gULnYHKe:H967Tn91+SjXQoHy7YD/tiPnoiL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 1028	376	rundll32.exe	79
PID 376 wrote to memory of 1028	376	rundll32.exe	79
PID 376 wrote to memory of 1028	376	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6680423c866212b090b6ddbf9403d30cb0ccac919e07f7b433751d83e8d2c44b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6680423c866212b090b6ddbf9403d30cb0ccac919e07f7b433751d83e8d2c44b.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028