e6495b0bb1bbb783eeeff60189257948ceead7844f40acbb52f84a51e4e5fca9

Analysis

max time kernel
138s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 15:24

Target

e6495b0bb1bbb783eeeff60189257948ceead7844f40acbb52f84a51e4e5fca9.dll
Size

51KB
MD5

771f460f555c180fac49c84cbfe81ebd
SHA1

83678b0a547d99127a4db3d169f5077b3cc341e6
SHA256

e6495b0bb1bbb783eeeff60189257948ceead7844f40acbb52f84a51e4e5fca9
SHA512

6bf0365f9cda63234e21e9f5bc1ec8dba4b8587ec64c12009e470a8cfc66b71b7149a3d26ae1855e3f10a1012b1faf163a9190916777e847795db2cc886325a6
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBeznsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBspMC6H

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E56B72F9-3845-4451-964D-A59B9012AFFF}.catalogItem	svchost.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2104	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 2104	3660	rundll32.exe	84
PID 3660 wrote to memory of 2104	3660	rundll32.exe	84
PID 3660 wrote to memory of 2104	3660	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6495b0bb1bbb783eeeff60189257948ceead7844f40acbb52f84a51e4e5fca9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6495b0bb1bbb783eeeff60189257948ceead7844f40acbb52f84a51e4e5fca9.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2104

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:2076