c6a9bbedce57f3f2eec1dd43256db5ee522b44467713f5b7137f945addb012ec

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 05:09

Target

c6a9bbedce57f3f2eec1dd43256db5ee522b44467713f5b7137f945addb012ec.dll
Size

71KB
MD5

79955abe196077d06793dcd577690455
SHA1

0e74ba46681eb237bb95a3ffef4ae1c67fd239a1
SHA256

c6a9bbedce57f3f2eec1dd43256db5ee522b44467713f5b7137f945addb012ec
SHA512

bfbb0c42287ce21fdebc289f887ee56c5959857044dbb1e9e81f19544a50cd8486f5f9fbfbaa74a39d9f72cee9c6ac431b0c11cbcdac1608276f592fd6dbdfaf
SSDEEP

1536:nd9x79qNJiGnhosvkO7u6j/JjfQOVRVcoX1BS0p/2hrkVLVConOnV:d999qfiZYuAJjX7erkOnV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4796	4748	rundll32.exe	82
PID 4748 wrote to memory of 4796	4748	rundll32.exe	82
PID 4748 wrote to memory of 4796	4748	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6a9bbedce57f3f2eec1dd43256db5ee522b44467713f5b7137f945addb012ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6a9bbedce57f3f2eec1dd43256db5ee522b44467713f5b7137f945addb012ec.dll,#1
  2⤵
  PID:4796

memory/4796-132-0x0000000000000000-mapping.dmp

Download
memory/4796-133-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download