b6a6c09efa27451b4ebbb7cfd2096ea6be3dfa99059934988e8a660b3d207f32

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:29

Target

b6a6c09efa27451b4ebbb7cfd2096ea6be3dfa99059934988e8a660b3d207f32.dll
Size

4KB
MD5

498600efe3debb17eced680679b928c0
SHA1

0235c7266556d3da56ab842cd4abdc49ecab1ec5
SHA256

b6a6c09efa27451b4ebbb7cfd2096ea6be3dfa99059934988e8a660b3d207f32
SHA512

fa6d5a169de9ba4be0bff6e7f2a11bf83afa5147e9491b5d0120082b64ada934193f8519a3f06ecfe9efa0baea5a3041c6fe0eec1d31b43f1f8a9655939bb121
SSDEEP

48:SWkO0IoyTnXz+ihZjokeWaR0yd81RsrlZC3/dm63fJG:ZJTnXzvokfyC1g/o/l3BG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4852	4800	rundll32.exe	81
PID 4800 wrote to memory of 4852	4800	rundll32.exe	81
PID 4800 wrote to memory of 4852	4800	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6a6c09efa27451b4ebbb7cfd2096ea6be3dfa99059934988e8a660b3d207f32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6a6c09efa27451b4ebbb7cfd2096ea6be3dfa99059934988e8a660b3d207f32.dll,#1
  2⤵
  PID:4852