9942bbb8b57d1dd326defbb46c8d2cd32e8499269c6961e8fca67e9180f35a82

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 19:14

Target

9942bbb8b57d1dd326defbb46c8d2cd32e8499269c6961e8fca67e9180f35a82.dll
Size

899KB
MD5

f6852a242f779f34f1761e336e332750
SHA1

1ec38f589bd3d101b73f1c684f25553adcc29aba
SHA256

9942bbb8b57d1dd326defbb46c8d2cd32e8499269c6961e8fca67e9180f35a82
SHA512

2925ecbfa4f729c7c641c95c47d82b9c3df5561080e3b80e5d24bb02a08da3b1cd789d61d5d9c8906e0b6a4afb75639fc971ccb013380941a74e1c3b83d0fc5d
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXP:7wqd87VP

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2388	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 2388	5100	rundll32.exe	84
PID 5100 wrote to memory of 2388	5100	rundll32.exe	84
PID 5100 wrote to memory of 2388	5100	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9942bbb8b57d1dd326defbb46c8d2cd32e8499269c6961e8fca67e9180f35a82.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9942bbb8b57d1dd326defbb46c8d2cd32e8499269c6961e8fca67e9180f35a82.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2388