6fdc05a051b7f6190b2f8db4d2732431e8c8bc42c60e582a3a2ef1b6fdaaea02

Analysis

max time kernel
185s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:32

Target

6fdc05a051b7f6190b2f8db4d2732431e8c8bc42c60e582a3a2ef1b6fdaaea02.dll
Size

66KB
MD5

597349de98710decc63820f507360520
SHA1

4a23f476075dfb6ebb6fb0e50123d0a9e9f5e0e5
SHA256

6fdc05a051b7f6190b2f8db4d2732431e8c8bc42c60e582a3a2ef1b6fdaaea02
SHA512

270a488f60e5a216d6a466a23a8776a839344e273f74b84791d0c84c33a6a3662a3b16cfe86bce576551a6dcb4bdf9e2883c9859a9eeb2c2c3b87fe318a41ada
SSDEEP

1536:YJEu0nVK3p4+S/XTSMnblJbiozDiF/eLGswwgzR8Ugn8:YmJnVK3p4//uaugiEnww3w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 4800	1552	rundll32.exe	82
PID 1552 wrote to memory of 4800	1552	rundll32.exe	82
PID 1552 wrote to memory of 4800	1552	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fdc05a051b7f6190b2f8db4d2732431e8c8bc42c60e582a3a2ef1b6fdaaea02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fdc05a051b7f6190b2f8db4d2732431e8c8bc42c60e582a3a2ef1b6fdaaea02.dll,#1
  2⤵
  PID:4800