221422099559ed9d64b2eda6db90147bdde89d824d347744e58b8e310bb2395f

Analysis

max time kernel
145s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:20

Target

6e0f135a5d871aa07ef253f7b1232094.dll
Size

840KB
MD5

6e0f135a5d871aa07ef253f7b1232094
SHA1

d7f2e45982595cb8de5532694652ec105dd66e58
SHA256

221422099559ed9d64b2eda6db90147bdde89d824d347744e58b8e310bb2395f
SHA512

31534ccc97d03ed7adedf7bc036900840bf9e3dcf2357979ce6569fba48757ea7f6429e4ca6a60eeb89614026b9c16da188b52e123ebc8ae7b5a4d90681c0da2
SSDEEP

12288:da2rlp6vp+0dvsKTh0Zz54Dig6l+IstivWNjZAxESLDtRsmy7:daaSp+GpOxYigoFstuWNjZAxEAs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 816	4340	rundll32.exe	14
PID 4340 wrote to memory of 816	4340	rundll32.exe	14
PID 4340 wrote to memory of 816	4340	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e0f135a5d871aa07ef253f7b1232094.dll,#1
1⤵
PID:816

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e0f135a5d871aa07ef253f7b1232094.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4340