d13482e092e041a3bb1de53e4baf328867c9ef9d407ce16e58aadc08533e2594

Analysis

max time kernel
148s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:37

Target

d13482e092e041a3bb1de53e4baf328867c9ef9d407ce16e58aadc08533e2594.dll
Size

51KB
MD5

8b4048b2f4bef744f1d35d086e70173a
SHA1

5fea016cfabb0fa6be05f5904c6216aefecc6c91
SHA256

d13482e092e041a3bb1de53e4baf328867c9ef9d407ce16e58aadc08533e2594
SHA512

2639520eb97d036e6a52d152b7600f0214a6be4a4f05307396e2ac7e3bb95ece0794bb0f46d24958585b2e968f433519b1bce647e7a4c2484865897cbed864ca
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLgJYH5:1dWubF3n9S91BF3fboUJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4004	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 4004	900	rundll32.exe	14
PID 900 wrote to memory of 4004	900	rundll32.exe	14
PID 900 wrote to memory of 4004	900	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d13482e092e041a3bb1de53e4baf328867c9ef9d407ce16e58aadc08533e2594.dll,#1
1⤵
- Suspicious behavior: RenamesItself
PID:4004

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d13482e092e041a3bb1de53e4baf328867c9ef9d407ce16e58aadc08533e2594.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:900