48d52db7c3db2fd04e42600466ff1946e3fb20bb24d86efcf48dd5c2ae791172

Analysis

max time kernel
14s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 13:19

Target

48d52db7c3db2fd04e42600466ff1946e3fb20bb24d86efcf48dd5c2ae791172.dll
Size

34KB
MD5

08de90e25022e6344345e920614478d0
SHA1

94cba3b059c3564edc1bc27477a9f30663a1a245
SHA256

48d52db7c3db2fd04e42600466ff1946e3fb20bb24d86efcf48dd5c2ae791172
SHA512

01ce58a0282b0168c9d54427dec8081173bf4ad226b3db97a713625b9ea98cf5c74e33f00a7c13bff47c10e5a5cecb4406256696e0d6ad6bb30b1d090e0fb99d
SSDEEP

768:EpFCXEL6Chde6ZU2DKeEbJP7owLdiHNiOEhsKdR9D8ZX:EpFBLfhAyHKeg7owLE0rsKdRGd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d52db7c3db2fd04e42600466ff1946e3fb20bb24d86efcf48dd5c2ae791172.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d52db7c3db2fd04e42600466ff1946e3fb20bb24d86efcf48dd5c2ae791172.dll,#1
  2⤵
  PID:2196