578326b71de1786881d82149f1ff44a37defa9e8563d78952274044dd81d4c78

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:11

Target

578326b71de1786881d82149f1ff44a37defa9e8563d78952274044dd81d4c78.dll
Size

51KB
MD5

2dda64a61dcbc8a0276fe943b7f462c1
SHA1

90307298a71dc5f35c98b245f437ab0da6d9c755
SHA256

578326b71de1786881d82149f1ff44a37defa9e8563d78952274044dd81d4c78
SHA512

cef6fc404b839c0acd6b77ce084c9c322250a35d685a3703c4b73cac2a14d20def6d3331ab6aee3ce51eeb4cc716c86ff135f347c23f03d15ec6f2cfb0337c55
SSDEEP

768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezksAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBrpMC6H

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
888	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 888	5116	rundll32.exe	16
PID 5116 wrote to memory of 888	5116	rundll32.exe	16
PID 5116 wrote to memory of 888	5116	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\578326b71de1786881d82149f1ff44a37defa9e8563d78952274044dd81d4c78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\578326b71de1786881d82149f1ff44a37defa9e8563d78952274044dd81d4c78.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:888