b172bf504e6bd635d3aae1175cf5ec92bb363ed78b5a3f43d961a4a9175c81cb

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 21:57

Target

b172bf504e6bd635d3aae1175cf5ec92bb363ed78b5a3f43d961a4a9175c81cb.dll
Size

899KB
MD5

2cc1fce398d14faa2ac14351bcb78f8d
SHA1

43da6b6aaf9ab12fa5c0e804deeb9161dcb320ca
SHA256

b172bf504e6bd635d3aae1175cf5ec92bb363ed78b5a3f43d961a4a9175c81cb
SHA512

762fac5977c7fbb6e8f66b4a00216612de2d49e8f4c78b3731959694ffa1f61e522620fd8bc53ce56ddde4d84c164acb6e6c660d2df0c2475768d2df5d23643e
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXN:7wqd87VN

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3000	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 3000	4492	rundll32.exe	86
PID 4492 wrote to memory of 3000	4492	rundll32.exe	86
PID 4492 wrote to memory of 3000	4492	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b172bf504e6bd635d3aae1175cf5ec92bb363ed78b5a3f43d961a4a9175c81cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b172bf504e6bd635d3aae1175cf5ec92bb363ed78b5a3f43d961a4a9175c81cb.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3000