ca4547a03b3b92b3ecdec0c2d581e8c35636d0400e9d53efb0ce5eb71839e2aa

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 13:57

Target

ca4547a03b3b92b3ecdec0c2d581e8c35636d0400e9d53efb0ce5eb71839e2aa.dll
Size

51KB
MD5

56aadd2b315d2fd9f374345c8e15d52f
SHA1

793bd6205ca743c82f701d27bb21d29309d9b7e5
SHA256

ca4547a03b3b92b3ecdec0c2d581e8c35636d0400e9d53efb0ce5eb71839e2aa
SHA512

26392e425155f5b7c4f47acf6a3a067f7d15a61718d86412e0631fd77664a7ae32becb9bd01923dfaa0a65932e588ed70b9177c8e40818a536487b128e82174a
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLOJYH5:1dWubF3n9S91BF3fboSJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5084	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 704 wrote to memory of 5084	704	rundll32.exe	89
PID 704 wrote to memory of 5084	704	rundll32.exe	89
PID 704 wrote to memory of 5084	704	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca4547a03b3b92b3ecdec0c2d581e8c35636d0400e9d53efb0ce5eb71839e2aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca4547a03b3b92b3ecdec0c2d581e8c35636d0400e9d53efb0ce5eb71839e2aa.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:5084