6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 17:22

Target

6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee.dll
Size

2.2MB
MD5

31e5c3357595a5664bfb64e6749fd200
SHA1

09bbb5236f1d023bbedab84507c089fd527c9899
SHA256

6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee
SHA512

4531bf9256472f1410623068edb924606d21ee610fd310e670de9f01c5fb2d4051a3131a8451272c389623abba7b93435641bf5bc208aca5591247cd3f5f8ccd
SSDEEP

49152:TZ2bh6qE0RLLu30871Lu2lftSrkR56i75iNV38FYeOVENfLUjxkjV:92V6qBLCrA8MrW6iTWfVMfLUMV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4332	5048	rundll32.exe	83
PID 5048 wrote to memory of 4332	5048	rundll32.exe	83
PID 5048 wrote to memory of 4332	5048	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee.dll,#1
  2⤵
  PID:4332