6dcbddc6d1d884edf703a59a5bddd0b2d25000ad0fd9cae94220f06ed3b23109

Analysis

max time kernel
158s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 17:45

Target

6dcbddc6d1d884edf703a59a5bddd0b2d25000ad0fd9cae94220f06ed3b23109.dll
Size

2.1MB
MD5

fe9788aaff72633c1a3f2dff476e13e3
SHA1

9e81df1604f6b0de4d2e94f13d1bcf97e0da6f6c
SHA256

6dcbddc6d1d884edf703a59a5bddd0b2d25000ad0fd9cae94220f06ed3b23109
SHA512

35e58f61ca695449be3e9a00c7a99b8979fbb2029068a75bc0b3ef46174ea42749b6f11755f217e968f16d7facb4011d727da32321e504487da8a3f3e70bb187
SSDEEP

12288:qZxmgDEovneTRYDNSMNXkYstyv4867DG7gURjKHrj8IG4liLIlhGG7JT:qZxtTvARYx9NXtstf8X7bXR4l1hv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3604	4976	rundll32.exe	86
PID 4976 wrote to memory of 3604	4976	rundll32.exe	86
PID 4976 wrote to memory of 3604	4976	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6dcbddc6d1d884edf703a59a5bddd0b2d25000ad0fd9cae94220f06ed3b23109.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6dcbddc6d1d884edf703a59a5bddd0b2d25000ad0fd9cae94220f06ed3b23109.dll,#1
  2⤵
  PID:3604