9a9a34194fb83501ec01f622bb4cf84655f8d243e6e4d66743b26d7cf1028377

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 17:19

Target

9a9a34194fb83501ec01f622bb4cf84655f8d243e6e4d66743b26d7cf1028377.dll
Size

10.9MB
MD5

95040a473652bf1e529663a16bc89802
SHA1

d5207f71dad601c9cf27998d5efe17b5ff5c2a07
SHA256

9a9a34194fb83501ec01f622bb4cf84655f8d243e6e4d66743b26d7cf1028377
SHA512

ed02c82058e964f452333f6addd6f06ccb84f7c1168b442aaa6dbbca93133780227b3376ddf72c509b229410abff71d80207cf901f8297a85ea15660f6a7af07
SSDEEP

196608:Uc+BR6ZkeEe4SzDKWkOv8sFHl40pNuJqw/W4C5402EwREZ1y7h4MCbq7ZR7Yn:dkceqzDKWj9FHl4UuJqD546wREZU4Mc9

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3088	404	rundll32.exe	81
PID 404 wrote to memory of 3088	404	rundll32.exe	81
PID 404 wrote to memory of 3088	404	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a9a34194fb83501ec01f622bb4cf84655f8d243e6e4d66743b26d7cf1028377.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a9a34194fb83501ec01f622bb4cf84655f8d243e6e4d66743b26d7cf1028377.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088

memory/3088-136-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3088-138-0x00000000736D0000-0x0000000074B31000-memory.dmp

Filesize
20.4MB

Download
memory/3088-137-0x00000000736D0000-0x0000000074B31000-memory.dmp

Filesize
20.4MB

Download
memory/3088-142-0x00000000736D0000-0x0000000074B31000-memory.dmp

Filesize
20.4MB

Download