e9bd6630bbe0ca46f032a55480b1c60ea0821cf5368295148e1e7da5a3f0c9e0

Analysis

max time kernel
139s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 06:50

Target

484ea9d57a322c5a7e1c7d0c2845190a.dll
Size

52KB
MD5

484ea9d57a322c5a7e1c7d0c2845190a
SHA1

97474941ccf683c5174ebe8f942ae3b8608450b6
SHA256

e9bd6630bbe0ca46f032a55480b1c60ea0821cf5368295148e1e7da5a3f0c9e0
SHA512

a8739d8e2b316d61940feaea3e6a3b32e3af0805961243a846070eb1ed7feb8233ab5c8c431e00e7c534eb2209a17d5afb4b8083a151abc8af6a78cb9b4fac42
SSDEEP

768:h2ga0xd9Hpk0e8MnmRe7ZZa3R1fb961vNPrl79JnCJ0u:dxd9+0e8ZGZZo1fbs1RV9ZCJ0

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3668	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3668	4836	rundll32.exe	14
PID 4836 wrote to memory of 3668	4836	rundll32.exe	14
PID 4836 wrote to memory of 3668	4836	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\484ea9d57a322c5a7e1c7d0c2845190a.dll,#1
1⤵
- Suspicious behavior: RenamesItself
PID:3668

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\484ea9d57a322c5a7e1c7d0c2845190a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836