6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa

Analysis

max time kernel
123s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 19:46

Target

6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll
Size

178KB
MD5

a6388cb39600c65a4fc195e84fabae5f
SHA1

24fc54281c2b9267e28a4afc9881c875a6d603e1
SHA256

6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa
SHA512

a3d804181cb8d1844aaa05e47b5129a11216d291a1285999ffae56f38c9d9a395e58d6358e2880b9320b593655fc3acfc5b331548d8c92826eed4eeedf6f3ef0
SSDEEP

3072:GP9mKdRX7jneMx6wkvAD2Uxh+K2V5z7I+eHrr1O2I+Nq20V623T5OhvvVK:D8awdD2Waz7vOQ2lOfTYhXE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4448 wrote to memory of 1536	4448	rundll32.exe	rundll32.exe
PID 4448 wrote to memory of 1536	4448	rundll32.exe	rundll32.exe
PID 4448 wrote to memory of 1536	4448	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll,#1
2⤵
PID:1536

memory/1536-133-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download