c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 10:34

Target

c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530.dll
Size

179KB
MD5

15c7e8f822d7b080d627d8c63b0d2d11
SHA1

05360066dc3128856f66eaed3af4e391ff8e6c05
SHA256

c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530
SHA512

0f252792a03ff58a8090400e322c3dd3e39a5251b6f83914f3f0a423f9cbf8d168f1cf2595b6b12a46f2bc1ae8480ca246f44164fa1a1a1e77d14cece33abda8
SSDEEP

3072:afolkX+hzpvtH1X0xQeZAruHfwJ9AWnhdQ/H/Lj8GpJNC7ksObPnhn:afhX+hzpvtHUAz9AWnhd4ckCJObPn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 4376	1992	rundll32.exe	83
PID 1992 wrote to memory of 4376	1992	rundll32.exe	83
PID 1992 wrote to memory of 4376	1992	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c48dc04123d300bd5712519cefa9db25f080cfe83517bad1d37c3f1deb09d530.dll,#1
  2⤵
  PID:4376