96a2a2bb659371fda94aaab431023fd64df0b9e0aa067bd7cbe8dc083b461b9e

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:39

Target

96a2a2bb659371fda94aaab431023fd64df0b9e0aa067bd7cbe8dc083b461b9e.dll
Size

51KB
MD5

22aa9e2e5427d619fcbc8d46b6238c4b
SHA1

6c68bd85f8bcee31e10b64ab1a673bf41038dc46
SHA256

96a2a2bb659371fda94aaab431023fd64df0b9e0aa067bd7cbe8dc083b461b9e
SHA512

9d65ca9d88646fa3198b0a547ded44c7fd1f2b09fb0a3c6ed0965f4bba9d87ca66068a576a41bb4e0ea4784497df3731590726a4212ff4138042626d144a8d67
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLbJYH5:1dWubF3n9S91BF3fbonJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4412	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 4412	1972	rundll32.exe	17
PID 1972 wrote to memory of 4412	1972	rundll32.exe	17
PID 1972 wrote to memory of 4412	1972	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96a2a2bb659371fda94aaab431023fd64df0b9e0aa067bd7cbe8dc083b461b9e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96a2a2bb659371fda94aaab431023fd64df0b9e0aa067bd7cbe8dc083b461b9e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4412