40f2d7d00c3409701b8d97990619f994be9b178a9d0de69f803608e85f70dfeb

Analysis

max time kernel
181s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 01:34

Target

40f2d7d00c3409701b8d97990619f994be9b178a9d0de69f803608e85f70dfeb.dll
Size

51KB
MD5

28afe5f81b30e5534a00dc4e32f0ac13
SHA1

96b0e18c77268be9c211eee9609ff71da8f3375a
SHA256

40f2d7d00c3409701b8d97990619f994be9b178a9d0de69f803608e85f70dfeb
SHA512

058498d77df1f432382bd124b449ac772296e5031e79f9669150cfd00fc2afd5e3b01fc8cfd40bd1acd4e52629fe313f982d838c59fc9509cf2ccf1cc225ebc5
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLdJYH5:1dWubF3n9S91BF3fbohJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4800	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 4800	4688	rundll32.exe	34
PID 4688 wrote to memory of 4800	4688	rundll32.exe	34
PID 4688 wrote to memory of 4800	4688	rundll32.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40f2d7d00c3409701b8d97990619f994be9b178a9d0de69f803608e85f70dfeb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40f2d7d00c3409701b8d97990619f994be9b178a9d0de69f803608e85f70dfeb.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4800