6cecdb9690cfe53acd13cf9ec13359a32be2e84d1c3c515cdb81bb8c6e5b9eca

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 22:42

Target

6cecdb9690cfe53acd13cf9ec13359a32be2e84d1c3c515cdb81bb8c6e5b9eca.dll
Size

81KB
MD5

7ab914bd2470f6510a10e26a7fef239f
SHA1

d0e10dbcc7346f24b98b2f421ec58fb00b54b02a
SHA256

6cecdb9690cfe53acd13cf9ec13359a32be2e84d1c3c515cdb81bb8c6e5b9eca
SHA512

6c10de94299b58e119385d9223e007759ac3ea376dea6170ee8ee4f045adea267552e9414f3f744dfb6a4894af750785d61f64e59b5f5a7649f3d2838368682f
SSDEEP

1536:TtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WY:T4v4JKXTx71w0ArSsXF3enq8WY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 1612	4424	rundll32.exe	81
PID 4424 wrote to memory of 1612	4424	rundll32.exe	81
PID 4424 wrote to memory of 1612	4424	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cecdb9690cfe53acd13cf9ec13359a32be2e84d1c3c515cdb81bb8c6e5b9eca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6cecdb9690cfe53acd13cf9ec13359a32be2e84d1c3c515cdb81bb8c6e5b9eca.dll,#1
  2⤵
  PID:1612