6fc08181b1bfcd8eb6717130157bea98bdcf2746d2a0e7cf0a343fc7b2e16650

Analysis

max time kernel
130s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:59

Target

6fc08181b1bfcd8eb6717130157bea98bdcf2746d2a0e7cf0a343fc7b2e16650.dll
Size

6KB
MD5

98308cf38a336ed50c0a3352dc5b92a7
SHA1

991d4645acabfa24e9cd5c97ed1f716ac0afdff2
SHA256

6fc08181b1bfcd8eb6717130157bea98bdcf2746d2a0e7cf0a343fc7b2e16650
SHA512

99676c13fba7a36aca2cea68712d44099652bf8e3dcdb6c412590a7d34d4501f05e5fcd8f7f30d3577b2a85d2de3f20d1b2aacf9d0c430319bf84cfe4d79abd0
SSDEEP

96:nEY2RrF1eqwi4/wvaVa2DFZ35/Uy3V3Kq:EHRh1epp/Q6JZ35cy3V3Kq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4964 wrote to memory of 3452	4964	rundll32.exe	rundll32.exe
PID 4964 wrote to memory of 3452	4964	rundll32.exe	rundll32.exe
PID 4964 wrote to memory of 3452	4964	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fc08181b1bfcd8eb6717130157bea98bdcf2746d2a0e7cf0a343fc7b2e16650.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4964

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6fc08181b1bfcd8eb6717130157bea98bdcf2746d2a0e7cf0a343fc7b2e16650.dll,#1
2⤵
PID:3452