b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 10:45

Target

b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8.dll
Size

23KB
MD5

a33f002cb236db973b1cc51643d75745
SHA1

00586c90c2010a5c9a47cb75843cc0584d19061e
SHA256

b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8
SHA512

200ecaa30f6aed08d315e0c73e3c77c955c8b08732f1e1e85e47617cfc61b04391e58696cb58c7cb52540a4600a3fa40a7e196d9ae1cf9d092b63b01223c4958
SSDEEP

384:U56XxvaIHCKLoj7TpcoO1q76Ma72yWirfNi9rApN2bcXr8xZmWDJPKat3nd:UcDCKEnTpcoO1q7naIirfNiCnkcOQWVb

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\mssfc.dll	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 3868	916	rundll32.exe	79
PID 916 wrote to memory of 3868	916	rundll32.exe	79
PID 916 wrote to memory of 3868	916	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6cb5dc96107525e3d5d6a31e165fe8b87dbf3a35c807e639fc5bc1cb9cbf6f8.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:3868