0a063cd4994220ce0d69fcd66b8da3dec123df951604ef210857f577b34a4653

Analysis

max time kernel
134s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 19:19

Target

0a063cd4994220ce0d69fcd66b8da3dec123df951604ef210857f577b34a4653.dll
Size

51KB
MD5

610aa0c0b28181f1881db5492efc6e24
SHA1

0f1e4a6736ef2ec1a119cd6461facaad3ae70ff7
SHA256

0a063cd4994220ce0d69fcd66b8da3dec123df951604ef210857f577b34a4653
SHA512

2a42c641e1b9463a63fc409cac7257036c9760b20e4e25f17202f81db7d95f8573ceb90aa7ccbe35a83cc768cc663bd3b441f8246d3012d0fea92a3bd37842a5
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLYJYH5:1dWubF3n9S91BF3fboEJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5108	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 5108	3220	rundll32.exe	84
PID 3220 wrote to memory of 5108	3220	rundll32.exe	84
PID 3220 wrote to memory of 5108	3220	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a063cd4994220ce0d69fcd66b8da3dec123df951604ef210857f577b34a4653.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a063cd4994220ce0d69fcd66b8da3dec123df951604ef210857f577b34a4653.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:5108