d611958422a50ae5380b7146cdf0436ee4619f084b1f1631699efb26caa15ddb

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2023 00:33

Target

d611958422a50ae5380b7146cdf0436ee4619f084b1f1631699efb26caa15ddb.dll
Size

51KB
MD5

2f3ee7f1a738605552dd109f2fb40191
SHA1

394fcc0b93188e284bc08ee0158a7aa6a356a98b
SHA256

d611958422a50ae5380b7146cdf0436ee4619f084b1f1631699efb26caa15ddb
SHA512

047132f762f5e02b535f2aa059af44feb700a8a0fa671891866b251a592bb7b059c7d6c872712543778c68fd518085807dc7db7fbca501763521632afdd12a93
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL0JYH5:1dWubF3n9S91BF3fbooJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4524	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 4524	4460	rundll32.exe	90
PID 4460 wrote to memory of 4524	4460	rundll32.exe	90
PID 4460 wrote to memory of 4524	4460	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d611958422a50ae5380b7146cdf0436ee4619f084b1f1631699efb26caa15ddb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d611958422a50ae5380b7146cdf0436ee4619f084b1f1631699efb26caa15ddb.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4524