6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 17:22

Target

6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1.dll
Size

2.0MB
MD5

739a0ea41ffd97509fb96be2163bb141
SHA1

13039cad709fb5346c41e407621e38008f0c5264
SHA256

6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1
SHA512

29cdd811d26a315f6d46c371aca95eec30ab9f8ef71a8d5425e93362a895b6c27028a73aa32fab14dff3afbcc88540098463483dee7a2f78d7bf788eef72be40
SSDEEP

49152:BsqJ+e+nW1/MEhy+seOvVQk7oWqRP5F1YiRT6FeHgproEZcTI:aqJ+/0/MCyamQk7w5VYosZsEZeI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 448	2340	rundll32.exe	83
PID 2340 wrote to memory of 448	2340	rundll32.exe	83
PID 2340 wrote to memory of 448	2340	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1.dll,#1
  2⤵
  PID:448