6348488dcccde9a495168c9a9e53758ff58d06e930a96f4c4ce8f64adbc809e8

Analysis

max time kernel
97s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2023 20:48

Target

6348488dcccde9a495168c9a9e53758ff58d06e930a96f4c4ce8f64adbc809e8.dll
Size

272KB
MD5

cca0abea2393634e4bc430510b464efe
SHA1

7818bd25d95f427d6828524fe15ce0cb9cb7784e
SHA256

6348488dcccde9a495168c9a9e53758ff58d06e930a96f4c4ce8f64adbc809e8
SHA512

3ff913f0beb050d63903b13b2e680fa76f0221629b7dd2ecafc5afd1d998c3ef621732df0db13f3a2bea23e5e33f3de31440eb9ca029303193fda9c07f073951
SSDEEP

3072:uBcYHz2bMT+Ce9MyZbnJOFaJUwT8qahl/t7GRweO4ctBADUREyMec4O/:uBcYHz2bMTk9MoYaKm8NUtsAu4V4S

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4700 wrote to memory of 4304	4700	rundll32.exe	rundll32.exe
PID 4700 wrote to memory of 4304	4700	rundll32.exe	rundll32.exe
PID 4700 wrote to memory of 4304	4700	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6348488dcccde9a495168c9a9e53758ff58d06e930a96f4c4ce8f64adbc809e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4700

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6348488dcccde9a495168c9a9e53758ff58d06e930a96f4c4ce8f64adbc809e8.dll,#1
2⤵
PID:4304