6a4927b22ae52f535bb0a32df6c92031edb297c801d2ea51314b7f94a693eb42

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 10:41

Target

6a4927b22ae52f535bb0a32df6c92031edb297c801d2ea51314b7f94a693eb42.dll
Size

51KB
MD5

6cb22dc50d47f16457e95d34f8cf1959
SHA1

0edf13bbe043784b5673be26778351266c7a5250
SHA256

6a4927b22ae52f535bb0a32df6c92031edb297c801d2ea51314b7f94a693eb42
SHA512

aece0809621da3781793e0534b5d3a2424577f6de7737b941723f843c9bc1115e6da1c4bc24f6adab4b9051e7f8d08cc03ed1b2c581190159d86a2dc5082ff98
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLDJYH5:1dWubF3n9S91BF3fbo/JYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3572	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 3572	1652	rundll32.exe	86
PID 1652 wrote to memory of 3572	1652	rundll32.exe	86
PID 1652 wrote to memory of 3572	1652	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a4927b22ae52f535bb0a32df6c92031edb297c801d2ea51314b7f94a693eb42.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a4927b22ae52f535bb0a32df6c92031edb297c801d2ea51314b7f94a693eb42.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3572