71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1

Analysis

max time kernel
144s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 20:47

Target

71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
Size

899KB
MD5

4056ff52fc3297465ecfab806e5802f5
SHA1

92d139b4a58c3a26f4c850552a6547a55a1f880e
SHA256

71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1
SHA512

5627539c915f151b64bc34e96584cf1319546f26b26bef50730a2686bf4722cda84f937c1624dbaaa775ae684f905d138c5b066d52c8a0da79782f20d781251f
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX+:7wqd87V+

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2096	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2096	1964	rundll32.exe	16
PID 1964 wrote to memory of 2096	1964	rundll32.exe	16
PID 1964 wrote to memory of 2096	1964	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
1⤵
- Suspicious behavior: RenamesItself
PID:2096

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964