06d3306030808032e4a1e158648e71754cee94db3a5083cc36bc01c11f55c6f5

Analysis

max time kernel
91s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 11:05

Target

06d3306030808032e4a1e158648e71754cee94db3a5083cc36bc01c11f55c6f5.dll
Size

159KB
MD5

2803877c9d861185f8b07716b3643b50
SHA1

b231e60e7209a5f4f8fa466f7837ed12b6a4703d
SHA256

06d3306030808032e4a1e158648e71754cee94db3a5083cc36bc01c11f55c6f5
SHA512

38c5cf752c0c2c7ac05f8a8098601487cab2ffa475171234f2fc12411336b4f3f2ed035d8fc841543af132c3f84cd3679a7317bf573ef3f4a574de1afaaa4ea3
SSDEEP

3072:A7pmNyxvfGcCVNEPhf29RZvOzmuTBhFCcTGKXZ:A7pmNQfTCVNU1BhFCci

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4540	4964	rundll32.exe	81
PID 4964 wrote to memory of 4540	4964	rundll32.exe	81
PID 4964 wrote to memory of 4540	4964	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06d3306030808032e4a1e158648e71754cee94db3a5083cc36bc01c11f55c6f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06d3306030808032e4a1e158648e71754cee94db3a5083cc36bc01c11f55c6f5.dll,#1
  2⤵
  PID:4540

memory/4540-136-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download