4b6f666b4423c3f803ff705ba8373f90db150107a6ed58d8e6e5e58cca079329

Analysis

max time kernel
168s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 19:45

Target

4b6f666b4423c3f803ff705ba8373f90db150107a6ed58d8e6e5e58cca079329.dll
Size

10KB
MD5

c748f11dac04d417d620028a9725702c
SHA1

59ac1a5806be675889e4c8dd59ad2e0f6f3a1d23
SHA256

4b6f666b4423c3f803ff705ba8373f90db150107a6ed58d8e6e5e58cca079329
SHA512

c0650b513a22786a9ffc92a634c7a5593912af91f1dcbf52c562322f3ce6175d0956f0fc325617d2154b9204abcc06b38b0ac12624eafce024b72ba4a3f4ffda
SSDEEP

192:41mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o9wb:48jhdHad/z20IyFWakC84dWaWak8cdWZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 2192	1012	rundll32.exe	81
PID 1012 wrote to memory of 2192	1012	rundll32.exe	81
PID 1012 wrote to memory of 2192	1012	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b6f666b4423c3f803ff705ba8373f90db150107a6ed58d8e6e5e58cca079329.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b6f666b4423c3f803ff705ba8373f90db150107a6ed58d8e6e5e58cca079329.dll,#1
  2⤵
  PID:2192

memory/2192-132-0x0000000000000000-mapping.dmp

Download
memory/2192-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download