446a0b5cd3ac3186eded95ba8baf71a3924737905831d1f759b223c20e066ae8

Analysis

max time kernel
91s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 05:38

Target

446a0b5cd3ac3186eded95ba8baf71a3924737905831d1f759b223c20e066ae8.dll
Size

50KB
MD5

2228182e0da656650d38719fdf97ddbe
SHA1

ceb71ece800e9d477104803ee557e4231971c6a1
SHA256

446a0b5cd3ac3186eded95ba8baf71a3924737905831d1f759b223c20e066ae8
SHA512

eae5dfad8089211ace19fe57cde465f7b8b3ef490b3b6f7ec9e943425ccd1a76b436b8a5330b4abb9c2f1f1794e677d8098da00ae218ab93097dec13a3f7602c
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5LJYH:W5ReWjTrW9rNPgYolJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3980	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 3980	2560	rundll32.exe	83
PID 2560 wrote to memory of 3980	2560	rundll32.exe	83
PID 2560 wrote to memory of 3980	2560	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\446a0b5cd3ac3186eded95ba8baf71a3924737905831d1f759b223c20e066ae8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\446a0b5cd3ac3186eded95ba8baf71a3924737905831d1f759b223c20e066ae8.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3980