f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 22:50

Target

f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll
Size

51KB
MD5

92f91ad431461b938ada8d26fbe706e2
SHA1

727654cd7861792cb8589f8ac024279270d2cff6
SHA256

f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f
SHA512

1c483eecbf8bf805243037e38c934ea5bc79d73bc2eab9e95226f55f6e9b286faba3b7281515e89e17e3bde0dc9510351452d48824739f5e94b8bdc6d58ed0d2
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLdJYH5:1dWubF3n9S91BF3fboJJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4480	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4480	4032	rundll32.exe	14
PID 4032 wrote to memory of 4480	4032	rundll32.exe	14
PID 4032 wrote to memory of 4480	4032	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll,#1
1⤵
- Suspicious behavior: RenamesItself
PID:4480

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4032