6ff6109749baf7c0b09e10bbefdc68bae2446e784ea986a90b891deb4e2bd31f

Analysis

max time kernel
94s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 11:47

Target

6ff6109749baf7c0b09e10bbefdc68bae2446e784ea986a90b891deb4e2bd31f.dll
Size

36KB
MD5

4561498340637205714f7211715a3788
SHA1

75b4567d1b74e566f5ce9ce9ae984732b477bd38
SHA256

6ff6109749baf7c0b09e10bbefdc68bae2446e784ea986a90b891deb4e2bd31f
SHA512

dc449aa5af3876830c649d5218df6dc440228720ba50f15acea8d259a28f953e709ff19e73e198358e7dc6957dccf38f2bc215cdec3a3846fbe4976f237a40c6
SSDEEP

768:C39aZ/adyHjt2hLFsTGOsk23NZtju/eEl:0+t2hLFsTGO0JuG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 212	2616	rundll32.exe	87
PID 2616 wrote to memory of 212	2616	rundll32.exe	87
PID 2616 wrote to memory of 212	2616	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ff6109749baf7c0b09e10bbefdc68bae2446e784ea986a90b891deb4e2bd31f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ff6109749baf7c0b09e10bbefdc68bae2446e784ea986a90b891deb4e2bd31f.dll,#1
  2⤵
  PID:212