46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf

Analysis

max time kernel
74s
max time network
192s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
01/10/2023, 22:19

Target

46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf.dll
Size

2.2MB
MD5

6fab8d882c6bbe2f85b1bb446fe74fc2
SHA1

9971336d72ed9c22c0f6ee05ea07c1b8881677f7
SHA256

46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf
SHA512

c5fbd418c2736f2c2dfd4eeba959e451d638b310d2a860bab11628e8b94c5774bc481ad94abc3ea270bb3291739cae76bc5c4672d9cd597e63368e4493122e73
SSDEEP

49152:52DQ0MdfppbpIca7TiqFsv9HUInu3BfoUYNUDZrdmC+xED:5ttXbpbaJ60WiBfoUFZrdPc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 4932	1116	rundll32.exe	69
PID 1116 wrote to memory of 4932	1116	rundll32.exe	69
PID 1116 wrote to memory of 4932	1116	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46a52927e76eb4eca1d333e4d82e82e381a312dabd9d3829bf8bf2c829629cbf.dll,#1
  2⤵
  PID:4932

memory/4932-0-0x0000000003180000-0x0000000003186000-memory.dmp

Filesize
24KB

Download
memory/4932-1-0x0000000010000000-0x0000000010234000-memory.dmp

Filesize
2.2MB

Download
memory/4932-5-0x0000000004EC0000-0x0000000004FD8000-memory.dmp

Filesize
1.1MB

Download
memory/4932-6-0x0000000004FF0000-0x00000000050EC000-memory.dmp

Filesize
1008KB

Download
memory/4932-9-0x0000000004FF0000-0x00000000050EC000-memory.dmp

Filesize
1008KB

Download
memory/4932-10-0x0000000004FF0000-0x00000000050EC000-memory.dmp

Filesize
1008KB

Download