3a45cc047ce21c9d8102298c561c70f2e6bb32f7b5e325b2afcb42d192b2522e

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2023, 22:29

Target

3a45cc047ce21c9d8102298c561c70f2e6bb32f7b5e325b2afcb42d192b2522e.dll
Size

51KB
MD5

73bcf98b4f6b7352fc199b45ba3f373b
SHA1

a9acef92105bee2b3f763138c18ad0243c6b47df
SHA256

3a45cc047ce21c9d8102298c561c70f2e6bb32f7b5e325b2afcb42d192b2522e
SHA512

145ab0f5bf7a7d43b21150222a56bd66aea0d6787cec23a4b4ef07c44cafdb9b7654bedff7e4c1870163f251f8aed8a2883bfe564ff830ff5c8320b97c79315a
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezXsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBUpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1048	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 1048	4192	rundll32.exe	80
PID 4192 wrote to memory of 1048	4192	rundll32.exe	80
PID 4192 wrote to memory of 1048	4192	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a45cc047ce21c9d8102298c561c70f2e6bb32f7b5e325b2afcb42d192b2522e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a45cc047ce21c9d8102298c561c70f2e6bb32f7b5e325b2afcb42d192b2522e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1048