6bf7f9e39c9602bd97814ea9c3a346e8dc624daf3670bc4586957ac18d34ad39

Analysis

max time kernel
222s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:41

Target

6bf7f9e39c9602bd97814ea9c3a346e8dc624daf3670bc4586957ac18d34ad39.dll
Size

255KB
MD5

badd15a0bb29d9acecaf12bb642d8080
SHA1

ff257d0be4199692c46e988c87a29a5067e88a48
SHA256

6bf7f9e39c9602bd97814ea9c3a346e8dc624daf3670bc4586957ac18d34ad39
SHA512

220cf9bf77c5ea80cc89a3a55da9976817d28f0e888efc7be049b5a8f7a5c15c14e2da532601d5ba5fd7b53ef43bd1c0a9b64fc47e24b3a4dc14a2d257f8ceb7
SSDEEP

3072:HQZX4vr1VAw0AWfdN2AGTVyLi5ETDG642LD9gZoyJQkCtWPnOdX:HQZX4vrBPLRvQkKWP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 4604	1152	rundll32.exe	81
PID 1152 wrote to memory of 4604	1152	rundll32.exe	81
PID 1152 wrote to memory of 4604	1152	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf7f9e39c9602bd97814ea9c3a346e8dc624daf3670bc4586957ac18d34ad39.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bf7f9e39c9602bd97814ea9c3a346e8dc624daf3670bc4586957ac18d34ad39.dll,#1
  2⤵
  PID:4604

memory/4604-133-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download