46d9bb657b99fa426ba3897824faf90c840e2aaf83cdd0a53733fc5e351ee68e

Analysis

max time kernel
91s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:50

Target

46d9bb657b99fa426ba3897824faf90c840e2aaf83cdd0a53733fc5e351ee68e.dll
Size

345KB
MD5

448567e2ed887d617cbe603955717850
SHA1

b15e91d6222eb3ec239bcce9a7ffccf4c81b0f5a
SHA256

46d9bb657b99fa426ba3897824faf90c840e2aaf83cdd0a53733fc5e351ee68e
SHA512

14689cb13a628753ba3ffdab15aeca5c93bf307ca24b81ea514334a081cdbb82a89db139a4d8fc615c74a8e5676fe899365cc498f3291638bed530291415108f
SSDEEP

6144:vLVB0KEVu1ia7KMDZGZVNFA1VaH4jw6K5zBOJk+1lNSiP2jWPAus+WiThQvUR2Jp:vLVB0lc1iqKIZGZVNFUVaYjk81llP2iq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2320 wrote to memory of 2116	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2116	2320	rundll32.exe	rundll32.exe
PID 2320 wrote to memory of 2116	2320	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d9bb657b99fa426ba3897824faf90c840e2aaf83cdd0a53733fc5e351ee68e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d9bb657b99fa426ba3897824faf90c840e2aaf83cdd0a53733fc5e351ee68e.dll,#1
2⤵
PID:2116