912b5415d072e5af3c84a0977e7f78980a4117b67d39f876833265c793634aab

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 14:23

Target

912b5415d072e5af3c84a0977e7f78980a4117b67d39f876833265c793634aab.dll
Size

51KB
MD5

46f01a2c407f4b748dda1dee1109c84c
SHA1

d60fa0811cbefcad350013a60f871a529b3ef6e1
SHA256

912b5415d072e5af3c84a0977e7f78980a4117b67d39f876833265c793634aab
SHA512

138a34a7dce833d3359cb457fd520289d0de56da19f2c2735fbdace1ab8e1e701f88de7b16d2638c1b4c6edc02bd6350351066db362e425e3e4c9e515b0f74e7
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLtJYH5:1dWubF3n9S91BF3fboZJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
408	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 408	3728	rundll32.exe	83
PID 3728 wrote to memory of 408	3728	rundll32.exe	83
PID 3728 wrote to memory of 408	3728	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\912b5415d072e5af3c84a0977e7f78980a4117b67d39f876833265c793634aab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\912b5415d072e5af3c84a0977e7f78980a4117b67d39f876833265c793634aab.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:408