4bb36d7632ff6ed04e24b10aad368ba82c3e9edc5d3d0b329814b5cae9f46d41

Analysis

max time kernel
134s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 03:11

Target

4bb36d7632ff6ed04e24b10aad368ba82c3e9edc5d3d0b329814b5cae9f46d41.dll
Size

51KB
MD5

24458d9acd7880c1ee5ef7c6301ae6a3
SHA1

9419dca1ba70696c7bb8d9d85aff65b92583d7f7
SHA256

4bb36d7632ff6ed04e24b10aad368ba82c3e9edc5d3d0b329814b5cae9f46d41
SHA512

cecbc6a8e1d220b244f1b5f7dd835c1859f082db6c4e3b8980cce598133c45a1a9a25925c97469b9a09995ded445a2b0896d086f2390843ea075efe5184797ab
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL0JYH5:1dWubF3n9S91BF3fboAJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4948	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4948	4960	rundll32.exe	82
PID 4960 wrote to memory of 4948	4960	rundll32.exe	82
PID 4960 wrote to memory of 4948	4960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb36d7632ff6ed04e24b10aad368ba82c3e9edc5d3d0b329814b5cae9f46d41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb36d7632ff6ed04e24b10aad368ba82c3e9edc5d3d0b329814b5cae9f46d41.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4948