abebd43c70ad7e652b1fcc9b8b08a5d25479f126d770faedb410990a99881c06

Analysis

max time kernel
157s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:37

Target

abebd43c70ad7e652b1fcc9b8b08a5d25479f126d770faedb410990a99881c06.dll
Size

51KB
MD5

0ec0e356586cec1d14faba804a9497cc
SHA1

87fb715a177a33967ccf729103494f87d017a19e
SHA256

abebd43c70ad7e652b1fcc9b8b08a5d25479f126d770faedb410990a99881c06
SHA512

f305ee6ea6236e6a8361c12e50b9aa3117f5ba020185f7f9538446acfde76eca37d9a8581c4e30a69ef905f8e028395265e1ea6149fe1559f2fbac3ccf10577d
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLJJYH5:1dWubF3n9S91BF3fboNJYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1832	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 1832	1200	rundll32.exe	88
PID 1200 wrote to memory of 1832	1200	rundll32.exe	88
PID 1200 wrote to memory of 1832	1200	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abebd43c70ad7e652b1fcc9b8b08a5d25479f126d770faedb410990a99881c06.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abebd43c70ad7e652b1fcc9b8b08a5d25479f126d770faedb410990a99881c06.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1832