af7635704e06839f32247ebbb38134c20174d71760647428c9415c99e690ed35

Analysis

max time kernel
122s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 22:35

Target

af7635704e06839f32247ebbb38134c20174d71760647428c9415c99e690ed35.dll
Size

51KB
MD5

a6a4c9dba6f02119a1a55bed0eaa5ade
SHA1

bef7d205babb925773070f9a4fe24553831c97c4
SHA256

af7635704e06839f32247ebbb38134c20174d71760647428c9415c99e690ed35
SHA512

ed5d4a6bcd7f78bf78b0ba400982b04543ba845188d1d96785b2627906a6f88a1b2131b364b9352fca5fc872fc50f80c31b2508def84346c49fbe9408c81b0c0
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezfsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOB8pMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4788	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4788	5040	rundll32.exe	86
PID 5040 wrote to memory of 4788	5040	rundll32.exe	86
PID 5040 wrote to memory of 4788	5040	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af7635704e06839f32247ebbb38134c20174d71760647428c9415c99e690ed35.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af7635704e06839f32247ebbb38134c20174d71760647428c9415c99e690ed35.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4788