2ff57092dead4c1a99be9aa98e0d54edc6585f189069303b11140122268d23ba

Analysis

max time kernel
116s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:50

Target

41a9207db41c21c871109514d45a846b00afedbf82e0f31e989460bfe20a1c81.dll
Size

514KB
MD5

ff6fc901fdfcc1bf32bc4a1fd9bb12ba
SHA1

8ca5166eef9d13c71ca94fa0c36d0a29633e98fc
SHA256

2ff57092dead4c1a99be9aa98e0d54edc6585f189069303b11140122268d23ba
SHA512

95c5b6f4ca61c1ca3487622b2458ee0f3627479b55fad98a3452775a09dbb074f183c003ab596b4af60686e677be957f5bce3d8543779f7d039eca5a55e53e95
SSDEEP

6144:xlWn+IJZrBkWSN2XkDNxaE3/JzMsUe9w0ExM01ttmO:/nI7JtmaEqveODM01t7

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

4176 rundll32.exe

pid	process
4176	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1048 wrote to memory of 4176	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 4176	1048	rundll32.exe	rundll32.exe
PID 1048 wrote to memory of 4176	1048	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a9207db41c21c871109514d45a846b00afedbf82e0f31e989460bfe20a1c81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1048

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a9207db41c21c871109514d45a846b00afedbf82e0f31e989460bfe20a1c81.dll,#1
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4176