8c53d91234f539c8ec35593b7f2e4f6e771d9667a33da0c41c55d7714a52fc3b

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 15:35

Target

8c53d91234f539c8ec35593b7f2e4f6e771d9667a33da0c41c55d7714a52fc3b.dll
Size

51KB
MD5

9a4d4ab057ee091d94e109b996deb5ac
SHA1

6cbe86eabc705262af16be47cfbc4410f23f357c
SHA256

8c53d91234f539c8ec35593b7f2e4f6e771d9667a33da0c41c55d7714a52fc3b
SHA512

15ad8c115ef917e1f09863cd00535cbdc93bdcc7f3a845f2bb596901dbbfdfd37c2142c5ac2d035e1410a836439a9677dfb92dff5de133b59d54059e62e0e450
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLNJYH5:1dWubF3n9S91BF3fboZJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4508	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 4508	3556	rundll32.exe	72
PID 3556 wrote to memory of 4508	3556	rundll32.exe	72
PID 3556 wrote to memory of 4508	3556	rundll32.exe	72

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c53d91234f539c8ec35593b7f2e4f6e771d9667a33da0c41c55d7714a52fc3b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c53d91234f539c8ec35593b7f2e4f6e771d9667a33da0c41c55d7714a52fc3b.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4508