9a597548430902cf1df98395db6edaab5b25006e17c90409089e204c29affa12

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 21:51

Target

9a597548430902cf1df98395db6edaab5b25006e17c90409089e204c29affa12.dll
Size

51KB
MD5

31f0f9f8a7d2b6bfc9389ec4a17a5cf2
SHA1

a1ce3c8f8e6b91e76fbb085a074b0321bf3c0f93
SHA256

9a597548430902cf1df98395db6edaab5b25006e17c90409089e204c29affa12
SHA512

564df9af4d9b0cbab24c1b352ad391553b2d60450705f91838bf3222749d22152274a47e2af6019827b482a1fa12c77dc07be157476bf1b53adcedc06d7979d6
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezBsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBmpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4964	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 4964	1368	rundll32.exe	84
PID 1368 wrote to memory of 4964	1368	rundll32.exe	84
PID 1368 wrote to memory of 4964	1368	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a597548430902cf1df98395db6edaab5b25006e17c90409089e204c29affa12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a597548430902cf1df98395db6edaab5b25006e17c90409089e204c29affa12.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4964