e7e93ee7880a7516fc05bf24f61f0c80705dcf2d01e3c13aefd22db3b07fa989

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 17:11

Target

46c292daea608bb05253539fd89b828d.dll
Size

216KB
MD5

46c292daea608bb05253539fd89b828d
SHA1

11983e6c97e60d8414d1709353929fe8acfef911
SHA256

e7e93ee7880a7516fc05bf24f61f0c80705dcf2d01e3c13aefd22db3b07fa989
SHA512

e1557d87789a001846fbe3431285bc45db1e666e0d909f85822cd92c949611beb4686f74ff1791bf103e63909831c6bc51f4b41b575c511fb8dc8326167ce834
SSDEEP

3072:U35yX6OFunl75OJ+jaG+BHneoAbMAfcpRkMtx3ILxuyP1E1ko4r2nTHLlESBwR:uxOFuFj6BHAbJfLM3SuE12B4rU62

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 4256	868	rundll32.exe	43
PID 868 wrote to memory of 4256	868	rundll32.exe	43
PID 868 wrote to memory of 4256	868	rundll32.exe	43

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46c292daea608bb05253539fd89b828d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46c292daea608bb05253539fd89b828d.dll,#1
  2⤵
  PID:4256