a6db680074e6b2afd7ea090dfc825e2bed714da34642f2c1d6efdeb108766305

Analysis

max time kernel
138s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:32

Target

a6db680074e6b2afd7ea090dfc825e2bed714da34642f2c1d6efdeb108766305.dll
Size

19KB
MD5

229bf3db6110226dff82c8f3f7a98093
SHA1

3cdfbfe0f32da0a7b6ffbd29b55c634b4c06a593
SHA256

a6db680074e6b2afd7ea090dfc825e2bed714da34642f2c1d6efdeb108766305
SHA512

4375ba2a7058029b5b877898eb0e74f79de357cac243585e8493da4687b505a3b377a3578d941502ccf4a03a9fbce7524843298f165f1a87224b84dcc7774061
SSDEEP

384:qfcULzRLfZ6iw/GeFXHquGppJQZ5Bnkd4:acWRzoouzZLkd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4156	5008	rundll32.exe	81
PID 5008 wrote to memory of 4156	5008	rundll32.exe	81
PID 5008 wrote to memory of 4156	5008	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6db680074e6b2afd7ea090dfc825e2bed714da34642f2c1d6efdeb108766305.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6db680074e6b2afd7ea090dfc825e2bed714da34642f2c1d6efdeb108766305.dll,#1
  2⤵
  PID:4156

memory/4156-133-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download