9a3e1b9279d114124ff1874ce115f916b03b4c06aa49270d2f317d07b72bb719

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 21:42

Target

9a3e1b9279d114124ff1874ce115f916b03b4c06aa49270d2f317d07b72bb719.dll
Size

50KB
MD5

feb4f664a7d0ec3b1fc2a21b72f3f168
SHA1

330b48361b669a724253ea262583167e58965d90
SHA256

9a3e1b9279d114124ff1874ce115f916b03b4c06aa49270d2f317d07b72bb719
SHA512

a4d0bc8dcf782d6f85eeb3030eee87354969293bfa7a650a3f3ae428c456bb157b168efbb3acf25b0c6aadab3e5cb672d6795c9a788586802acb456b34c80681
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5IJYH:W5ReWjTrW9rNPgYoOJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1492	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 1492	3628	rundll32.exe	83
PID 3628 wrote to memory of 1492	3628	rundll32.exe	83
PID 3628 wrote to memory of 1492	3628	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a3e1b9279d114124ff1874ce115f916b03b4c06aa49270d2f317d07b72bb719.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a3e1b9279d114124ff1874ce115f916b03b4c06aa49270d2f317d07b72bb719.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1492