fa949a4b3fb03ca2e13b0226b167ae9c562ccb6effbcbaaf599da331aacd2544

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 20:39

Target

fa949a4b3fb03ca2e13b0226b167ae9c562ccb6effbcbaaf599da331aacd2544.dll
Size

899KB
MD5

8e777f17258881dd57e5ba05003a360d
SHA1

795c5f1f0b55049f516d12b72837eff9fb127f93
SHA256

fa949a4b3fb03ca2e13b0226b167ae9c562ccb6effbcbaaf599da331aacd2544
SHA512

5208dad768a5615bf2c92362e7a126de47db415e740283c6c106014daec83020315792439c72060cb4a2b2404b422c8752654e939ae40d175829f9b9a914bbf8
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXP:7wqd87VP

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1836	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1836	1332	rundll32.exe	64
PID 1332 wrote to memory of 1836	1332	rundll32.exe	64
PID 1332 wrote to memory of 1836	1332	rundll32.exe	64

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa949a4b3fb03ca2e13b0226b167ae9c562ccb6effbcbaaf599da331aacd2544.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa949a4b3fb03ca2e13b0226b167ae9c562ccb6effbcbaaf599da331aacd2544.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1836