6e6b6d685d81c31a7d8d64a7f1fddd564f0a856438a0089b0ab4435751298b4d

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:24

Target

6e6b6d685d81c31a7d8d64a7f1fddd564f0a856438a0089b0ab4435751298b4d.dll
Size

4KB
MD5

347c1d4b5763c033542965d10b1c8d20
SHA1

94b3059084f2b449d2a5f7e48038712a048cebad
SHA256

6e6b6d685d81c31a7d8d64a7f1fddd564f0a856438a0089b0ab4435751298b4d
SHA512

9ab8cf9358e90634fdfc7a421b84b6f857106cb8207c8e2e6a94f35a377b6e9a38abba53a6d8bc329c6a9b28ba66bc68f57fc57d49efb91192e4ffa1cc351676
SSDEEP

48:a7Q2voyT+Bt5a9Mmu0/VEM4oJ8s6Isa8adMwqMA:qT+ZKLpVjRWs/gaqZMA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1888	1756	rundll32.exe	80
PID 1756 wrote to memory of 1888	1756	rundll32.exe	80
PID 1756 wrote to memory of 1888	1756	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e6b6d685d81c31a7d8d64a7f1fddd564f0a856438a0089b0ab4435751298b4d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e6b6d685d81c31a7d8d64a7f1fddd564f0a856438a0089b0ab4435751298b4d.dll,#1
  2⤵
  PID:1888