c808f19800fb64e870098457cdbb09907253cb1ee15738b036daca070bb1a249

Analysis

max time kernel
138s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 18:40

Target

65c0616d8e26a4602bf3cb9c5a8e8a26.dll
Size

87KB
MD5

65c0616d8e26a4602bf3cb9c5a8e8a26
SHA1

887020a08ea17d11f8c1d3bf5fcc8cc0cc201e98
SHA256

c808f19800fb64e870098457cdbb09907253cb1ee15738b036daca070bb1a249
SHA512

3e06111b21a590b2a7e18516c696bedfbb1e74216a100a02cfe5be5db7cc807517edd75c4099732014f6bd6a75fb8d79927f0fb913600a26dcf092b878dd19f0
SSDEEP

1536:vGjnzpwWb8U1Dq4jW36Oi0cu6kfRUsStAwdSiGsWuBk:ujlwG7jTOi0Z6WRUsSqwdSiGsWmk

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\beep.sys	rundll32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
664	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 2768	4772	rundll32.exe	86
PID 4772 wrote to memory of 2768	4772	rundll32.exe	86
PID 4772 wrote to memory of 2768	4772	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c0616d8e26a4602bf3cb9c5a8e8a26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c0616d8e26a4602bf3cb9c5a8e8a26.dll,#1
  2⤵
  - Drops file in Drivers directory
  PID:2768