46413d8fb54672ca406228c1aab10e77a79e5d05bf131ec1d471c5fd6a3331fa

Analysis

max time kernel
138s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 11:10

Target

46413d8fb54672ca406228c1aab10e77a79e5d05bf131ec1d471c5fd6a3331fa.dll
Size

114KB
MD5

6aa4974054078b48483f40156b2b6292
SHA1

59d966498f9918f51e2160c44e4a2df602d19828
SHA256

46413d8fb54672ca406228c1aab10e77a79e5d05bf131ec1d471c5fd6a3331fa
SHA512

35be532719b2dbb618415db8767fac24bf2836d0f95012ff45d5f1c971b272887eeb6bc770955accf167c7de021bfa0c775f16d438212dc9b66af9abd9931fb7
SSDEEP

1536:/ePxCUjeSp7qrnhBbgA6U7eLKeq8p8gWvHMetFBOwVle0r896Fg1S5t6:WPxpuLhl6P7WrjXVzJ5t6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 816	2216	rundll32.exe	80
PID 2216 wrote to memory of 816	2216	rundll32.exe	80
PID 2216 wrote to memory of 816	2216	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46413d8fb54672ca406228c1aab10e77a79e5d05bf131ec1d471c5fd6a3331fa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46413d8fb54672ca406228c1aab10e77a79e5d05bf131ec1d471c5fd6a3331fa.dll,#1
  2⤵
  PID:816