6e64688908428b55c61969493bed4f735997fa8aca35e9f8208356359bbdccdc

Analysis

max time kernel
182s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 13:47

Target

6e64688908428b55c61969493bed4f735997fa8aca35e9f8208356359bbdccdc.dll
Size

32KB
MD5

299677e97f678532087e3eb800742eb0
SHA1

d2259b21dc4e1c46108329382a9e28a375441594
SHA256

6e64688908428b55c61969493bed4f735997fa8aca35e9f8208356359bbdccdc
SHA512

31e561383fbf30a7a564591d010a97bb0e3753bd129c0fde376a7126dee32891753a858b6532c6df5be6a8a850635dabf8b43b6902689d1fdcb076ab6c511d85
SSDEEP

768:UdNg0gH2ylecZnUOs7Qvia8GqOiRag+mx:UdNg0e9ZA7Qvia2ZRj+c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 2344	3304	rundll32.exe	82
PID 3304 wrote to memory of 2344	3304	rundll32.exe	82
PID 3304 wrote to memory of 2344	3304	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e64688908428b55c61969493bed4f735997fa8aca35e9f8208356359bbdccdc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e64688908428b55c61969493bed4f735997fa8aca35e9f8208356359bbdccdc.dll,#1
  2⤵
  PID:2344