dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 21:34

Target

dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll
Size

899KB
MD5

29cf1bb1651aa6491be47817c95695ef
SHA1

c82a4b3ef680298933ea470d51c78ff5971ae721
SHA256

dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5
SHA512

a304a0afdffc884360be6f94f63dc07015ed786480b11019446fd96223a5a0f046cd8b885e3ae31d61a9606d52b09cf46cc0c366fc595a148cf051e273102d27
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXU:7wqd87VU

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3140	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3140	1936	rundll32.exe	81
PID 1936 wrote to memory of 3140	1936	rundll32.exe	81
PID 1936 wrote to memory of 3140	1936	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3140