6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff

Analysis

max time kernel
130s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 13:08

Target

6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff.dll
Size

11.3MB
MD5

1c8939ba6da7a93e5759955ff6ce2a9d
SHA1

ed9ea31c8c858b28702894c2aa87b345d3817005
SHA256

6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff
SHA512

a4c8337dbf3d47c93e5641e808353206d0082d9a7b5df0dfce074f55b9a2d79407d58ad2e6786a10d3b9c297feb139e0ffe70fcc27fcf68032d04142afc2bbcc
SSDEEP

196608:EfJ0F5aWDtp4OrNDweIJygTfiCBA/4OT1QO28XLELK8t:/aAtp4AFwcOi/gOT1QO28XLEu8

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 4372	1028	rundll32.exe	89
PID 1028 wrote to memory of 4372	1028	rundll32.exe	89
PID 1028 wrote to memory of 4372	1028	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4434e1e24599d384b0a1c4f2ab958c4d72fc7c2aa8a959d8987b39685620ff.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372

memory/4372-0-0x0000000073B20000-0x0000000074E1C000-memory.dmp

Filesize
19.0MB

Download
memory/4372-1-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4372-2-0x0000000073B20000-0x0000000074E1C000-memory.dmp

Filesize
19.0MB

Download