6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1

Analysis

max time kernel
92s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13-07-2024 17:22

Target

6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1.dll
Size

2.0MB
MD5

739a0ea41ffd97509fb96be2163bb141
SHA1

13039cad709fb5346c41e407621e38008f0c5264
SHA256

6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1
SHA512

29cdd811d26a315f6d46c371aca95eec30ab9f8ef71a8d5425e93362a895b6c27028a73aa32fab14dff3afbcc88540098463483dee7a2f78d7bf788eef72be40
SSDEEP

49152:BsqJ+e+nW1/MEhy+seOvVQk7oWqRP5F1YiRT6FeHgproEZcTI:aqJ+/0/MCyamQk7w5VYosZsEZeI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 4632	4880	rundll32.exe	81
PID 4880 wrote to memory of 4632	4880	rundll32.exe	81
PID 4880 wrote to memory of 4632	4880	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f30f133e87c46adbc90a47d58028decd8d6e5cc43dc4ae1203b24d9e23c34c1.dll,#1
  2⤵
  PID:4632