bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 23:22

Target

bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8.dll
Size

899KB
MD5

4b842326be862951ec0a9fa8113b9938
SHA1

0da98885a072d500c43b2f8c50e658f403e0421f
SHA256

bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8
SHA512

0385125fbe0e285745be7a6c490d0e887d8d5689368c76f6d6e92b44fb6bac2a28c04314a709a95f68ac880aa4ddd2539d8163aa7c2027e59dd00cfa26b42b1f
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX9:7wqd87V9

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3644	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 3644	2900	rundll32.exe	53
PID 2900 wrote to memory of 3644	2900	rundll32.exe	53
PID 2900 wrote to memory of 3644	2900	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb55e2c45287d10df3cf172b644162b547bdf59e2b87635dbe0bd9d8855b9ba8.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3644