9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 23:31

Target

9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd.dll
Size

899KB
MD5

ce041a66a72a51231c3aa0f2d49bab9f
SHA1

0e8a835c9228546ba55c2ca3d23d14d0c8a553aa
SHA256

9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd
SHA512

1d6aea15e6b82ac7348a86b1fd2e72840c315aabb23561fe104262b3dfb52e5a073c4af77b628ef05195187f8334fe6d7b8160e8aa65596fe54d6fa9277c0027
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXu:7wqd87Vu

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3864	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 3864	3448	rundll32.exe	87
PID 3448 wrote to memory of 3864	3448	rundll32.exe	87
PID 3448 wrote to memory of 3864	3448	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c9404b99235c0ac9ea9a2c132edac62b43d1fed5530f74df37e92eff9024dfd.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3864