992710634173f9ece6f114a5e06a8f960cb0079059d08390a40b08a13214d331

Analysis

max time kernel
144s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 22:15

Target

1e2c3009fc8865c506bea46c431e5a28.dll
Size

160KB
MD5

1e2c3009fc8865c506bea46c431e5a28
SHA1

dbc6b7de5524ad3bdbf05065ebb9236ba8929e2f
SHA256

992710634173f9ece6f114a5e06a8f960cb0079059d08390a40b08a13214d331
SHA512

18d01ce7ae00e72d509ba7c9090342a74bca8d9ab7e1d210dc3271be6f73dac8fb484f55e4f6b49ec36b66bc6a310e8f7f3bc944391e6c3593cdd722dbcd95b5
SSDEEP

3072:M4B8alYkA2vTLkGh3SlrmsVJK72qDwJ+o0D+xDfRpr9LNvfM3qxB3qhTBfEY/Iu9:C8ZLQGAlp3GgS+xTzvfM6qhTB

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\1e8dc650ed.dll	rundll32.exe
File created	C:\Windows\SysWOW64\1e8dc650ed.dll	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 2500	444	rundll32.exe	13
PID 444 wrote to memory of 2500	444	rundll32.exe	13
PID 444 wrote to memory of 2500	444	rundll32.exe	13

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e2c3009fc8865c506bea46c431e5a28.dll,#1
1⤵
- Drops file in System32 directory
PID:2500

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e2c3009fc8865c506bea46c431e5a28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:444

memory/2500-0-0x0000000000600000-0x000000000062D000-memory.dmp

Filesize
180KB

Download