f42f3db41578d53eb1df6859d753f0d5447d423f926f4f915136e555be079a25

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 23:43

Target

f42f3db41578d53eb1df6859d753f0d5447d423f926f4f915136e555be079a25.dll
Size

51KB
MD5

9ba4d6a21e9862fb93afd083f0daf548
SHA1

3bfe94bf3532ff8004f1ebafc864a53c31ebc9b2
SHA256

f42f3db41578d53eb1df6859d753f0d5447d423f926f4f915136e555be079a25
SHA512

4fb660b6370a8cd34e1168c63e2c5d70e44efeec91f1559d93ac6885674c1232cf86079009573492a0772524d4c4fbd1df4badbbe887af8bc11a19765897bf28
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLTJYH5:1dWubF3n9S91BF3fbo/JYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
556	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 556	552	rundll32.exe	89
PID 552 wrote to memory of 556	552	rundll32.exe	89
PID 552 wrote to memory of 556	552	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f42f3db41578d53eb1df6859d753f0d5447d423f926f4f915136e555be079a25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f42f3db41578d53eb1df6859d753f0d5447d423f926f4f915136e555be079a25.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:556