2bb3341f4e096d5c94c19890660efd379bfcee9175c65deff5648eaeca7836b7

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 19:12

Target

2bb3341f4e096d5c94c19890660efd379bfcee9175c65deff5648eaeca7836b7.dll
Size

899KB
MD5

05e01aab753b07bd78315466ffcf1801
SHA1

7862ed0a1ef336997ad5b2aa5dc7ad0629991638
SHA256

2bb3341f4e096d5c94c19890660efd379bfcee9175c65deff5648eaeca7836b7
SHA512

11db7debc606142dfdedc876cf30f35c7c0fe6017d8b02fd89182682c75f8e4a53c3b7d65d076623b37e40cbb60c011fdf77aa1bee050966252b0c4ef5dcdc9c
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX7:7wqd87V7

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3696	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 3696	3768	rundll32.exe	82
PID 3768 wrote to memory of 3696	3768	rundll32.exe	82
PID 3768 wrote to memory of 3696	3768	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bb3341f4e096d5c94c19890660efd379bfcee9175c65deff5648eaeca7836b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bb3341f4e096d5c94c19890660efd379bfcee9175c65deff5648eaeca7836b7.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3696