666a2c4caca7736958e87680a858ed7d7a8cdff4546c4621b9e347e6afa10d47

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 10:36

Target

666a2c4caca7736958e87680a858ed7d7a8cdff4546c4621b9e347e6afa10d47.dll
Size

50KB
MD5

efb45a941b94ec4b1c6cdc5f022d82b6
SHA1

ee475cedd4b68f59ff472cb8a0b2f0effcb22460
SHA256

666a2c4caca7736958e87680a858ed7d7a8cdff4546c4621b9e347e6afa10d47
SHA512

a4af7071529d125b3119b560318cf04f181919837d3772c5b6a6f10434e8fe91b41b8d13770a321c8500df46c1faf9b1e32463fc93eefa36b88d93f37f00915d
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5HJYH:W5ReWjTrW9rNPgYo9JYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5064	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 5064	244	rundll32.exe	85
PID 244 wrote to memory of 5064	244	rundll32.exe	85
PID 244 wrote to memory of 5064	244	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\666a2c4caca7736958e87680a858ed7d7a8cdff4546c4621b9e347e6afa10d47.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\666a2c4caca7736958e87680a858ed7d7a8cdff4546c4621b9e347e6afa10d47.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:5064