6b7bf534af008ee6bcb099185b1317e27d2fae19abc6e8f7fd5b9fae76ee1f23

Analysis

max time kernel
317s
max time network
394s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 13:37

Target

6b7bf534af008ee6bcb099185b1317e27d2fae19abc6e8f7fd5b9fae76ee1f23.dll
Size

389KB
MD5

c7b7ec3b5b96d9ba7dcb2977de31986f
SHA1

3a64c9a4c4a8fc07846919076dbfbab0d0bd3a26
SHA256

6b7bf534af008ee6bcb099185b1317e27d2fae19abc6e8f7fd5b9fae76ee1f23
SHA512

2361bd601334acca0ee4b09892e6cbac85b6f064f5b30f3ae0814ae54ba5c6afc81e219b5c1967d59f26a6b762dde181f44e3f79a0e07cff8eb3d546a74fbe33
SSDEEP

6144:GDqR9Lz4yS+UGSRY4Sn5mqd+c6dFU9Rw1/t25W:GDI9Ls9tw5ocZRe/0W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 2484	3256	rundll32.exe	80
PID 3256 wrote to memory of 2484	3256	rundll32.exe	80
PID 3256 wrote to memory of 2484	3256	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b7bf534af008ee6bcb099185b1317e27d2fae19abc6e8f7fd5b9fae76ee1f23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b7bf534af008ee6bcb099185b1317e27d2fae19abc6e8f7fd5b9fae76ee1f23.dll,#1
  2⤵
  PID:2484

memory/2484-133-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download
memory/2484-134-0x0000000010000000-0x0000000010069000-memory.dmp

Filesize
420KB

Download