49ff83f1588192f1466260bdfcf9deb63f7327974530b70e25f533a5ea6bb5a6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:16

Target

49ff83f1588192f1466260bdfcf9deb63f7327974530b70e25f533a5ea6bb5a6.dll
Size

81KB
MD5

409d54827187b3743c92cb388c8632e0
SHA1

897862766ee8f7ec59cbb53ac2149fdead6c4333
SHA256

49ff83f1588192f1466260bdfcf9deb63f7327974530b70e25f533a5ea6bb5a6
SHA512

1ebe819db16cbdea7defb85ad8cd8eb9991c70a3729cdedcfd7238cddb6129f76a368757d74d72507e27377a4f8fe7b58a4865b8a413f53c29e5c87f6c86a30d
SSDEEP

1536:4ByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WM:lv4JKXTx71wnArSsXFpeXq8WM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3960 wrote to memory of 4180	3960	rundll32.exe	rundll32.exe
PID 3960 wrote to memory of 4180	3960	rundll32.exe	rundll32.exe
PID 3960 wrote to memory of 4180	3960	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49ff83f1588192f1466260bdfcf9deb63f7327974530b70e25f533a5ea6bb5a6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49ff83f1588192f1466260bdfcf9deb63f7327974530b70e25f533a5ea6bb5a6.dll,#1
  2⤵
  PID:4180