5162e498db495966ea4ee7fc2d103ef73f90ce64c1df48239b60635fded9aa78

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 01:50

Target

5162e498db495966ea4ee7fc2d103ef73f90ce64c1df48239b60635fded9aa78.dll
Size

468KB
MD5

19ce7ba1f9424e2eacf7043d0b7b31f0
SHA1

5fff2fd59e82207321219d18211a7ff873644220
SHA256

5162e498db495966ea4ee7fc2d103ef73f90ce64c1df48239b60635fded9aa78
SHA512

1bae6800cdd81533a943a90e0cb61b7de58a2acdf0863c659ed1b83f81b1a51007a04f45d04f5010e13ce4eff9c65422c0299dc7f90fa169923dabbf25d842e5
SSDEEP

6144:PPy8hM8ub76mudRz0LVbyQ6CtV/V5xYv5wOzdqxGYXrcT8S+DRk/2xW/DV/ndRuq:Xy8i88dmz0Lj7gqrct/0657h/

Score

1^/10

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4904	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 4904	3548	rundll32.exe	81
PID 3548 wrote to memory of 4904	3548	rundll32.exe	81
PID 3548 wrote to memory of 4904	3548	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5162e498db495966ea4ee7fc2d103ef73f90ce64c1df48239b60635fded9aa78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5162e498db495966ea4ee7fc2d103ef73f90ce64c1df48239b60635fded9aa78.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4904