990d6c1bcefd7bf2a45df2da0d30291dd8b3528875322058cbfcb55ecb831210

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 18:08

Target

990d6c1bcefd7bf2a45df2da0d30291dd8b3528875322058cbfcb55ecb831210.dll
Size

899KB
MD5

78b30763cdb9fb68cae107cea479042f
SHA1

1367eb57a115a2d1fd85584b840ad4043c0ea83f
SHA256

990d6c1bcefd7bf2a45df2da0d30291dd8b3528875322058cbfcb55ecb831210
SHA512

97af7d95628f1d11702c05c2320cea8f14c4eaf651bb556179cf6c5ce7e83e46f0e3099907670cb588dacb459cdabdf5f31555d562f8439649f247b02cf7a3ca
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXg:7wqd87Vg

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3280	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 3280	1984	rundll32.exe	84
PID 1984 wrote to memory of 3280	1984	rundll32.exe	84
PID 1984 wrote to memory of 3280	1984	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\990d6c1bcefd7bf2a45df2da0d30291dd8b3528875322058cbfcb55ecb831210.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\990d6c1bcefd7bf2a45df2da0d30291dd8b3528875322058cbfcb55ecb831210.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3280