49935fce10f803540c268c0b5013d42120e03b04ac454e939d4841e995a90821

Analysis

max time kernel
7s
max time network
12s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2023, 17:42

Target

49935fce10f803540c268c0b5.dll
Size

293KB
MD5

00cb030d867c2724a163620dc64ade24
SHA1

b04772ca1e23e5ef06c8d2c2c5313a8f10886d07
SHA256

49935fce10f803540c268c0b5013d42120e03b04ac454e939d4841e995a90821
SHA512

b2f2f02abde7fe4d63320d5bb4c141f111f137a92d5d5d940825acb34e2e86a9fd89713d5fd75af40254438432b1fb127326a48f11bc2217e8b0ff4ee83c8160
SSDEEP

6144:YxTNhvxJ6h2fFtOxpp6bTGgiENpHGSpqlTXC1AYklTBSwAOzpd2:4TNh58srOfpAPi0EfCQlTYw/w

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
1	4728	rundll32.exe
2	4728	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 4728	4276	rundll32.exe	79
PID 4276 wrote to memory of 4728	4276	rundll32.exe	79
PID 4276 wrote to memory of 4728	4276	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49935fce10f803540c268c0b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49935fce10f803540c268c0b5.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4728