6b6c726d67413b0ae065c993cfb35084f29a54b286babb0630cb11f56d8de4b9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:18

Target

6b6c726d67413b0ae065c993cfb35084f29a54b286babb0630cb11f56d8de4b9.dll
Size

116KB
MD5

db44e0369ae9fb65ce5616672b33bc00
SHA1

1b61fe155ef8972d3297cd347ac4fdbe02927b18
SHA256

6b6c726d67413b0ae065c993cfb35084f29a54b286babb0630cb11f56d8de4b9
SHA512

4fb229fbd5b7f8be9cc249c3b2176eee3bc01f64aa3e372e71a4f903c585e81bb6db9ff85dc6a84e3ea7c854303895474ef39b5ec02cfc85226ef7899638c727
SSDEEP

1536:vNzQV9+M4SMb6fWganQQUGzVmoV2OArxj6X/W/xfKzKKzSWtaFZDVu/2g:v9QwXVnxtzsg2OArR6X+xKelFtVE2g

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3752 wrote to memory of 4880	3752	rundll32.exe	rundll32.exe
PID 3752 wrote to memory of 4880	3752	rundll32.exe	rundll32.exe
PID 3752 wrote to memory of 4880	3752	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b6c726d67413b0ae065c993cfb35084f29a54b286babb0630cb11f56d8de4b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b6c726d67413b0ae065c993cfb35084f29a54b286babb0630cb11f56d8de4b9.dll,#1
2⤵
PID:4880