b2bc1f5952a7abe2d3a724199948b368ccae92d19c3bf8063a5bf157a8360cac

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2023 09:24

Target

b2bc1f5952a7abe2d3a724199948b368ccae92d19c3bf8063a5bf157a8360cac.dll
Size

899KB
MD5

55d3419114b2c008b10a3be3336ed5bd
SHA1

d9f7a37386dc3709753f48d71d65cd0a0610b612
SHA256

b2bc1f5952a7abe2d3a724199948b368ccae92d19c3bf8063a5bf157a8360cac
SHA512

8b70b06a9ec84cc9e5ca0ae206f1c7e9bdbb8f0caf195522b6fad4cc5ac87a091e1f14c0f43fa0ba4be94ee28c277addd0c4734977208496ac8787202ab6ad01
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX3:7wqd87V3

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3236	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 3236	4916	rundll32.exe	83
PID 4916 wrote to memory of 3236	4916	rundll32.exe	83
PID 4916 wrote to memory of 3236	4916	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2bc1f5952a7abe2d3a724199948b368ccae92d19c3bf8063a5bf157a8360cac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2bc1f5952a7abe2d3a724199948b368ccae92d19c3bf8063a5bf157a8360cac.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3236