c6fbc0d93a30fe5c4cce1f766d4ec2f76b8d8a76fdef983b03697f3adc7fd782

Analysis

max time kernel
185s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 05:24

Target

c6fbc0d93a30fe5c4cce1f766d4ec2f76b8d8a76fdef983b03697f3adc7fd782.dll
Size

92KB
MD5

0c881b62f9e248b482465fbe91d3ef20
SHA1

48265d6956e66e243ac6e5c8363b287fadaf3cc1
SHA256

c6fbc0d93a30fe5c4cce1f766d4ec2f76b8d8a76fdef983b03697f3adc7fd782
SHA512

35445fa3d1403a20bf0aaa20f1b219e71c1f36f3e7a0aaed87ba89c37b5344b71565707efcdde968e284044dd7258e9d776dc5a9d510e77c497c189f5a4e5b3f
SSDEEP

1536:ACtHYC1QPat6NpnbEi/pL7jkQuPCuFGYspZ4ljURDoQsbSpToBwMmpdoXm:Ai4IdgNpndp7jkQu6uFGY4wjU46oBwDF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2060	2688	rundll32.exe	84
PID 2688 wrote to memory of 2060	2688	rundll32.exe	84
PID 2688 wrote to memory of 2060	2688	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6fbc0d93a30fe5c4cce1f766d4ec2f76b8d8a76fdef983b03697f3adc7fd782.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6fbc0d93a30fe5c4cce1f766d4ec2f76b8d8a76fdef983b03697f3adc7fd782.dll,#1
  2⤵
  PID:2060

memory/2060-133-0x00000000012A0000-0x00000000012AA000-memory.dmp

Filesize
40KB

Download
memory/2060-135-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/2060-137-0x00000000012A0000-0x00000000012AA000-memory.dmp

Filesize
40KB

Download
memory/2060-138-0x00000000012A0000-0x00000000012AA000-memory.dmp

Filesize
40KB

Download