6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
14/07/2024, 17:22

Target

6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee.dll
Size

2.2MB
MD5

31e5c3357595a5664bfb64e6749fd200
SHA1

09bbb5236f1d023bbedab84507c089fd527c9899
SHA256

6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee
SHA512

4531bf9256472f1410623068edb924606d21ee610fd310e670de9f01c5fb2d4051a3131a8451272c389623abba7b93435641bf5bc208aca5591247cd3f5f8ccd
SSDEEP

49152:TZ2bh6qE0RLLu30871Lu2lftSrkR56i75iNV38FYeOVENfLUjxkjV:92V6qBLCrA8MrW6iTWfVMfLUMV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 2116	3112	rundll32.exe	81
PID 3112 wrote to memory of 2116	3112	rundll32.exe	81
PID 3112 wrote to memory of 2116	3112	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b5f6eb537b17c2553484fc6e490e2c276acab660f02a1d6701e6485b347f9ee.dll,#1
  2⤵
  PID:2116