e2b9aacc1ffcc2731886041e8e497a31f55268e62786184fef0295d10306e0b3

Analysis

max time kernel
170s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 21:14

Target

e2b9aacc1ffcc2731886041e8e497a31f55268e62786184fef0295d10306e0b3.dll
Size

51KB
MD5

152a5373639e782ca2372b512c7df6b2
SHA1

b90e4d91dccba68d6a44a47345ee85667a007c10
SHA256

e2b9aacc1ffcc2731886041e8e497a31f55268e62786184fef0295d10306e0b3
SHA512

d77d24c71f626313689c6781fa580d826a0c1bcc0cf4b810f865030eefd812d07908be460daa3aeeca69537109db61b4798dcfc5e66d6ed54dbcc1c8880f2423
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLCJYH5:1dWubF3n9S91BF3fboOJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2476	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2476	2160	rundll32.exe	37
PID 2160 wrote to memory of 2476	2160	rundll32.exe	37
PID 2160 wrote to memory of 2476	2160	rundll32.exe	37

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2b9aacc1ffcc2731886041e8e497a31f55268e62786184fef0295d10306e0b3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2b9aacc1ffcc2731886041e8e497a31f55268e62786184fef0295d10306e0b3.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2476