aefe943d9fe0dc93db16c7cd3e8ec0770e111d80e8e0ddc2ada6fdb8a07b57fb

Analysis

max time kernel
92s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 06:40

Target

aefe943d9fe0dc93db16c7cd3e8ec0770e111d80e8e0ddc2ada6fdb8a07b57fb.dll
Size

51KB
MD5

eb074fcfcebed6993813d187524656cd
SHA1

fdce122e272963909ee00f0eaba65ac1eb1fd0b5
SHA256

aefe943d9fe0dc93db16c7cd3e8ec0770e111d80e8e0ddc2ada6fdb8a07b57fb
SHA512

574ab5c0650f3b4c65f96ef73fe311a57f0d0932fa41b1208f56495c9b047577e78222eb805a3ca3a6480e711c294c59503fa2f9941582c3762802c77dcc591c
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezOsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBJpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5000	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 5000	2648	rundll32.exe	83
PID 2648 wrote to memory of 5000	2648	rundll32.exe	83
PID 2648 wrote to memory of 5000	2648	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aefe943d9fe0dc93db16c7cd3e8ec0770e111d80e8e0ddc2ada6fdb8a07b57fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aefe943d9fe0dc93db16c7cd3e8ec0770e111d80e8e0ddc2ada6fdb8a07b57fb.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:5000