46b9f72609fb49cd9cc2240a09c5d3c545ce50072f9c9b7119b1a2019b73c399

Analysis

max time kernel
136s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 19:16

Target

46b9f72609fb49cd9cc2240a09c5d3c545ce50072f9c9b7119b1a2019b73c399.dll
Size

5KB
MD5

824e7a04ecfd40a774b9b7375d789380
SHA1

cbc8232814088a07a0e4d6ffbd6de3ef4776bf9a
SHA256

46b9f72609fb49cd9cc2240a09c5d3c545ce50072f9c9b7119b1a2019b73c399
SHA512

f49825c0775ce774cd3854b8c099048ac06762ea924e6916f008700472c6446c04758d27efa2b2b5426593e34a1c2176c673755e7a42c7b01ade32e0b2506fb2
SSDEEP

48:a7Q2voyT+Bt5a9KnFQvo6F6feOEQiZmY3W7ILoBydhxrMQGf1wP/11w:qT+ZKc2vHFEEHmXILoqxOfK1u

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 760	4020	rundll32.exe	79
PID 4020 wrote to memory of 760	4020	rundll32.exe	79
PID 4020 wrote to memory of 760	4020	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46b9f72609fb49cd9cc2240a09c5d3c545ce50072f9c9b7119b1a2019b73c399.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46b9f72609fb49cd9cc2240a09c5d3c545ce50072f9c9b7119b1a2019b73c399.dll,#1
  2⤵
  PID:760