36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 08:19

Target

36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59.dll
Size

50KB
MD5

ccabe04b53168e03e5ae34f18922a74a
SHA1

c20e95621d7ca4385871215148ec438a7ede26c9
SHA256

36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59
SHA512

70403368caa0e4b646c033d920b487efc16e54f2c4a247450dca210bf76986e8455a187e6655591d16ad94374b511d8a095e5a096b3abc274888c371cdd34dee
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o54JYH:W5ReWjTrW9rNPgYoCJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3624	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 3624	4460	rundll32.exe	87
PID 4460 wrote to memory of 3624	4460	rundll32.exe	87
PID 4460 wrote to memory of 3624	4460	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f946f2ad19469f400d27b279d61a836fd243311d3e3234613800f833432c59.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3624