21d101b00f879ddcac994afbf5d8634a10346e431c5a2b16651509fb6e9bb213

Analysis

max time kernel
156s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2023 08:11

Target

21d101b00f879ddcac994afbf5d8634a10346e431c5a2b16651509fb6e9bb213.dll
Size

51KB
MD5

6d4bc62f9dbd06207c2e93cd2e69eea6
SHA1

53470994258d1be0cda30a57134666496ea012fd
SHA256

21d101b00f879ddcac994afbf5d8634a10346e431c5a2b16651509fb6e9bb213
SHA512

bc6985f8b2a752d144c3898be626b1e8acee887ebca64043b41dacaa14dd983c7f79ec6299051f299ce25e1316703dec1aa69459ec78a4bc1064221fd1a3045c
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLnJYH5:1dWubF3n9S91BF3fbojJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1512	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1512	1960	rundll32.exe	83
PID 1960 wrote to memory of 1512	1960	rundll32.exe	83
PID 1960 wrote to memory of 1512	1960	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d101b00f879ddcac994afbf5d8634a10346e431c5a2b16651509fb6e9bb213.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d101b00f879ddcac994afbf5d8634a10346e431c5a2b16651509fb6e9bb213.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1512