26b15d02ba82abc5813f01f3b9c1ec9e5300d545adcebf8330227655858aaab5

Analysis

max time kernel
139s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2023, 00:26

Target

26b15d02ba82abc5813f01f3b9c1ec9e5300d545adcebf8330227655858aaab5.dll
Size

51KB
MD5

064cec767a298990e12c956f8d19a693
SHA1

583c08b7f28642af7f257952e3c81beb1e91acd2
SHA256

26b15d02ba82abc5813f01f3b9c1ec9e5300d545adcebf8330227655858aaab5
SHA512

4c83d3b3b1c7ea13b14fc3a89242253eb28d408e1749c2b992131ebdf5a90bc1b3d04d3e0374661dabf1ce733dd3322f108811446bda49161be82e61e8bcc2b0
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLqJYH5:1dWubF3n9S91BF3fboWJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4948	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 4948	2520	rundll32.exe	89
PID 2520 wrote to memory of 4948	2520	rundll32.exe	89
PID 2520 wrote to memory of 4948	2520	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26b15d02ba82abc5813f01f3b9c1ec9e5300d545adcebf8330227655858aaab5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26b15d02ba82abc5813f01f3b9c1ec9e5300d545adcebf8330227655858aaab5.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4948