58b8c72edb1b59d114cd93ec15d29c3be5c5d694b9dcf391add1371e05a0693c

Analysis

max time kernel
145s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 07:32

Target

58b8c72edb1b59d114cd93ec15d29c3be5c5d694b9dcf391add1371e05a0693c.dll
Size

899KB
MD5

9f91c5e50aa46826b032e978748eb4d4
SHA1

d6231704ff239ee07200b1f6b325cc31d6200c14
SHA256

58b8c72edb1b59d114cd93ec15d29c3be5c5d694b9dcf391add1371e05a0693c
SHA512

ac819bc80950ca7b555b3e7df0467f1f7e924faeb12c6ecc32926f22d8b556b39c9d39513b8b63ea484012c6912680c1b43d7a5f84c2770579d0ae4a44eecefe
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXq:7wqd87Vq

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4880	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 4880	4148	rundll32.exe	44
PID 4148 wrote to memory of 4880	4148	rundll32.exe	44
PID 4148 wrote to memory of 4880	4148	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58b8c72edb1b59d114cd93ec15d29c3be5c5d694b9dcf391add1371e05a0693c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58b8c72edb1b59d114cd93ec15d29c3be5c5d694b9dcf391add1371e05a0693c.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4880