9b2918ff6ef1b6cef7dc4791f440af5bfe820f8ac21a5cfb1decae465e3410ca

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 22:31

Target

9b2918ff6ef1b6cef7dc4791f440af5bfe820f8ac21a5cfb1decae465e3410ca.dll
Size

899KB
MD5

52eff8179e5b124f3ee5066851e0bad7
SHA1

1fd002dc9aa4599365bedd3accd6f92fb0a33132
SHA256

9b2918ff6ef1b6cef7dc4791f440af5bfe820f8ac21a5cfb1decae465e3410ca
SHA512

f5f1bd6471af160db85a74f27014ec324150f99ce9695a062191ef162867fdb10266a90475efca636e5d43fe4e7e9b421ba2462da6e37a6d16de5fea85531040
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXz:7wqd87Vz

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1436	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 1436	1480	rundll32.exe	90
PID 1480 wrote to memory of 1436	1480	rundll32.exe	90
PID 1480 wrote to memory of 1436	1480	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b2918ff6ef1b6cef7dc4791f440af5bfe820f8ac21a5cfb1decae465e3410ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b2918ff6ef1b6cef7dc4791f440af5bfe820f8ac21a5cfb1decae465e3410ca.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1436