396811b98afcd5243ced6cbd241a8fd92fdd44d5d43afba01d62a12cf6d11d09

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 04:51

Target

396811b98afcd5243ced6cbd241a8fd92fdd44d5d43afba01d62a12cf6d11d09.dll
Size

51KB
MD5

68c7fccfe1c5cfcbf82dbeb6f30c80e4
SHA1

bb424abf0e8ce6c0b9fd394aaca9189097fc7cff
SHA256

396811b98afcd5243ced6cbd241a8fd92fdd44d5d43afba01d62a12cf6d11d09
SHA512

a56c640eff71ea68c3f9200c5ec1ff4fe38fc2eb389efcf7e1d250a8ea20d75e9e21e2213d96c88ebc4f944fffff6b6079731a29792daaf8b8eefc44fe841eaa
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLiJYH5:1dWubF3n9S91BF3fboWJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4920	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 4920	2532	rundll32.exe	82
PID 2532 wrote to memory of 4920	2532	rundll32.exe	82
PID 2532 wrote to memory of 4920	2532	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\396811b98afcd5243ced6cbd241a8fd92fdd44d5d43afba01d62a12cf6d11d09.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\396811b98afcd5243ced6cbd241a8fd92fdd44d5d43afba01d62a12cf6d11d09.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4920