95122d0cc0f35f8e7e37f3896e635eafc8268a07929159084240bc4884bead6f

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 19:24

Target

95122d0cc0f35f8e7e37f3896e635eafc8268a07929159084240bc4884bead6f.dll
Size

1.8MB
MD5

40af370b6b1aa8d695bafd1a2519b702
SHA1

ec04f4eeeff36b15f5bcccc590517da68c8431ba
SHA256

95122d0cc0f35f8e7e37f3896e635eafc8268a07929159084240bc4884bead6f
SHA512

14a5aac51ff41caf5876b7998d01017fe2dbc54b9ce827a75589753ccc343d0ce5e370ffd1f4f04084dc0181751e92e078f8ab71a2fe6f2f84aee20fdb289cd8
SSDEEP

49152:sl+hOSpBWDTNkkpHRtAHbufRmaOLRYXR:sl+/papW

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4148	rundll32.exe
4148	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 4148	4976	rundll32.exe	82
PID 4976 wrote to memory of 4148	4976	rundll32.exe	82
PID 4976 wrote to memory of 4148	4976	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95122d0cc0f35f8e7e37f3896e635eafc8268a07929159084240bc4884bead6f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95122d0cc0f35f8e7e37f3896e635eafc8268a07929159084240bc4884bead6f.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148