5d21bed8bd05d191b6b3895a179fc5675817ed6b51a7af466537dc28b27d2a6b

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 02:27

Target

5d21bed8bd05d191b6b3895a179fc5675817ed6b51a7af466537dc28b27d2a6b.dll
Size

51KB
MD5

7d87e290fb1f523f5867bc69e14ef3c2
SHA1

0338dbf39f7aebbd4859f1445d8eb1c3198c72d2
SHA256

5d21bed8bd05d191b6b3895a179fc5675817ed6b51a7af466537dc28b27d2a6b
SHA512

099cc41730502a9629efa4ee5e5d94f5506ed52510a72ab6579440dcc470a68d03edf0828a16d887ddbecba4263a761052d7fa1eeb4b1953171c53ccbceb70ed
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBez+sAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBFpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3664	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3664	2248	rundll32.exe	57
PID 2248 wrote to memory of 3664	2248	rundll32.exe	57
PID 2248 wrote to memory of 3664	2248	rundll32.exe	57

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d21bed8bd05d191b6b3895a179fc5675817ed6b51a7af466537dc28b27d2a6b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d21bed8bd05d191b6b3895a179fc5675817ed6b51a7af466537dc28b27d2a6b.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3664