a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779

Analysis

max time kernel
152s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 21:50

Target

a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll
Size

6KB
MD5

f7752012f56833ee613c55b65e68bc00
SHA1

84ffe73610559e79e06bb800f82f90f3f47d8b92
SHA256

a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779
SHA512

90edaf09a4d645bb6588e822c202a5eb5f4b54390168402d01b7393d51d19948041aa00ea3119f22fa938143ffacc04f5d69b1c97d0141992cb1b1403a00a7c9
SSDEEP

96:nEY2RrF1eqwi4nVi6/8At3monSYRPb+1DSk/Lp9W+hC0dN73GCThTXtlcyPQ:EHRh1eppbDrnD0HlcN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 5028	2580	rundll32.exe	54
PID 2580 wrote to memory of 5028	2580	rundll32.exe	54
PID 2580 wrote to memory of 5028	2580	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll,#1
  2⤵
  PID:5028