f6048fc561d88cf6c753354e94d5fd4444b3452032fbf17df41c130e427ed213

Analysis

max time kernel
139s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2024 06:32

Target

f6048fc561d88cf6c753354e94d5fd4444b3452032fbf17df41c130e427ed213.dll
Size

899KB
MD5

7b1e51f63dcb4af8bac6dfb3b1c64d2b
SHA1

76d261bffc3f1fc825a6568839a51671710afc91
SHA256

f6048fc561d88cf6c753354e94d5fd4444b3452032fbf17df41c130e427ed213
SHA512

f215f7d9bc4297ca60ee5a18f8cd1f1ee7cc9bf5c2e5a625c33354ff8296c4e26779ad9daca30b68f5f223a40c6884a968e64188fcb7066258abea8fedb6e52a
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXU:7wqd87VU

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2988	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 2988	3540	rundll32.exe	83
PID 3540 wrote to memory of 2988	3540	rundll32.exe	83
PID 3540 wrote to memory of 2988	3540	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6048fc561d88cf6c753354e94d5fd4444b3452032fbf17df41c130e427ed213.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6048fc561d88cf6c753354e94d5fd4444b3452032fbf17df41c130e427ed213.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2988