f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 12:43

Target

f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36.dll
Size

51KB
MD5

95ca01135c5d53e3be3cedd27a8ffbaa
SHA1

5f05abced95a90b94c6c944b27096e2d1798b763
SHA256

f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36
SHA512

66bdf1f6cbdd7f85b929c259bed742a52670ef71b7155f1653876e08a1437b7eacb1c762bb047535de4ccd34dbf85630edce00c577a1b8789e7282f7cfb57629
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezfsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBkpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4868	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 4868	1472	rundll32.exe	86
PID 1472 wrote to memory of 4868	1472	rundll32.exe	86
PID 1472 wrote to memory of 4868	1472	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4868