190837ac3aeb12b9de1e5ae7e49c787b869a1bebb91607104940c7f2f8ef58d1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 17:46

Target

46d45d9f4b53275b520f8d16cb67695e.dll
Size

128KB
MD5

46d45d9f4b53275b520f8d16cb67695e
SHA1

4fc0b7f0fd5e7065bbf1dfa2bd030d5e6bce07ef
SHA256

190837ac3aeb12b9de1e5ae7e49c787b869a1bebb91607104940c7f2f8ef58d1
SHA512

b36622680613a62a975dcc4dfbe1a9cce4f3ecc99d24e7f62847852e400b9d2f703fbd342d79e21d2149c2c92f2510a1388910ff08c7fc8a510d1a359484c25f
SSDEEP

3072:INHFqsYaFREiNoCoz/775LxM8NUSytLMiCRpMHvr+zB6:INHcFafEiOCoDViHwiN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 2292	4084	rundll32.exe	14
PID 4084 wrote to memory of 2292	4084	rundll32.exe	14
PID 4084 wrote to memory of 2292	4084	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d45d9f4b53275b520f8d16cb67695e.dll,#1
1⤵
PID:2292

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46d45d9f4b53275b520f8d16cb67695e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4084

memory/2292-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2292-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2292-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2292-0-0x0000000001040000-0x000000000104D000-memory.dmp

Filesize
52KB

Download