6ebcb29e2b662b6856fd22ac22e77eb9913b46621def2c2afdce35cb7df0f1c2

Analysis

max time kernel
193s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 23:01

Target

6ebcb29e2b662b6856fd22ac22e77eb9913b46621def2c2afdce35cb7df0f1c2.dll
Size

116KB
MD5

d861edf6c78ad0a0ebd6cd68137767ed
SHA1

535f89440a936b94e303afb14ee3f37e8c855242
SHA256

6ebcb29e2b662b6856fd22ac22e77eb9913b46621def2c2afdce35cb7df0f1c2
SHA512

f882194c306f88e46d66e34a5065549a98efcfd6c3417ecc31d0ba5c08e9710771553ed2b27f29ca408507044a54c32ebfc0ceac70b8bd6ee7af5cdf05a8cae9
SSDEEP

3072:O22i653Fz2rbQ7pzaIc8Z7gO/HuNsisTaxm:OLpc8lgaLi5c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2848	1440	rundll32.exe	80
PID 1440 wrote to memory of 2848	1440	rundll32.exe	80
PID 1440 wrote to memory of 2848	1440	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ebcb29e2b662b6856fd22ac22e77eb9913b46621def2c2afdce35cb7df0f1c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ebcb29e2b662b6856fd22ac22e77eb9913b46621def2c2afdce35cb7df0f1c2.dll,#1
  2⤵
  PID:2848