a51b9e56002d33dc081db527318266a145bb939595cbd3473efbf501c89bc104

Analysis

max time kernel
148s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 17:03

Target

46bf81e90a348ea086d7d846a1ebd63e.dll
Size

10KB
MD5

46bf81e90a348ea086d7d846a1ebd63e
SHA1

f0c502098627b1454f8320d0d09a6202c61a0fac
SHA256

a51b9e56002d33dc081db527318266a145bb939595cbd3473efbf501c89bc104
SHA512

1c176ab2ae0c6097d8cc5888d0388f3f4d614b042dfe58654a05eea42218746cc7ec1055945a6467707588490d4b8cc93693cfb49f7a53a88c7460c75d325932
SSDEEP

192:mvW/W+Gv6AGOuYdkuQcck7AqAQd4WHYeSL6r8fAaM5kp/YQr:mvW/WT9GOuykuEk7Aqr43+rva7/YQr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 1940	1876	rundll32.exe	88
PID 1876 wrote to memory of 1940	1876	rundll32.exe	88
PID 1876 wrote to memory of 1940	1876	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46bf81e90a348ea086d7d846a1ebd63e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46bf81e90a348ea086d7d846a1ebd63e.dll,#1
  2⤵
  PID:1940

memory/1940-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1940-1-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download