49d95c05155371269e6b81d8ac377f4d6602cbd619d7888b20c27bee08859bf4

Analysis

max time kernel
139s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 15:17

Target

49d95c05155371269e6b81d8ac377f4d6602cbd619d7888b20c27bee08859bf4.dll
Size

2.9MB
MD5

472ce33648c23341f346021162628dfc
SHA1

359ddc7d04f155c1cff6196b4f0a31ab02d44e91
SHA256

49d95c05155371269e6b81d8ac377f4d6602cbd619d7888b20c27bee08859bf4
SHA512

83a5842d55b9f0950d681d1895a4dd13b7b0ae231ef922542bdadfa9851f8ed63f90b61a0764b5573291aee5fa448e741156d2ea91391881d26f33f891974a31
SSDEEP

49152:R6phkdlx2CaZmkTskdNve+lu3ek240ZUWaLtI:6k8CFkTskq3ekqa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 4780	2040	rundll32.exe	80
PID 2040 wrote to memory of 4780	2040	rundll32.exe	80
PID 2040 wrote to memory of 4780	2040	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49d95c05155371269e6b81d8ac377f4d6602cbd619d7888b20c27bee08859bf4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49d95c05155371269e6b81d8ac377f4d6602cbd619d7888b20c27bee08859bf4.dll,#1
  2⤵
  PID:4780

memory/4780-133-0x0000000002B00000-0x0000000002DEA000-memory.dmp

Filesize
2.9MB

Download