6c3b9c39648809ecc07c9a5cccc690c9d94fb7c5119728ea12c1d6f8f5a3cd17

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 06:38

Target

8e78dfa1c80a184e8b9664aed7a985f4.dll
Size

24KB
MD5

8e78dfa1c80a184e8b9664aed7a985f4
SHA1

a150dc26e6a8822b125a5989cfd6ff5a0ae9707b
SHA256

6c3b9c39648809ecc07c9a5cccc690c9d94fb7c5119728ea12c1d6f8f5a3cd17
SHA512

b0a9640601c1c9ba5ad5725896b3c2903c78f1b96536ec7e8e0e5c3e88de21d0f15a03de63620648a5d5ad9149c742760e2bf48773fc18ff82d439522b8851ea
SSDEEP

384:uRCJ8mkOMEPbqqCs3yOGvEVYDBtmeanVMJpErGsaHM2QngH417ZzWiKn8clxEYbi:PJ5zdDxF3yOGMVY/za1roH/Qi4DlWx4

Score

4^/10

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\linkinfo.dll1081271349	rundll32.exe
File created	C:\Windows\linkinfo.dll	rundll32.exe
File created	C:\Windows\twain_86.dll	rundll32.exe
File opened for modification	C:\Windows\clbcatq.dll879636285	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 6064	452	rundll32.exe	20
PID 452 wrote to memory of 6064	452	rundll32.exe	20
PID 452 wrote to memory of 6064	452	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e78dfa1c80a184e8b9664aed7a985f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e78dfa1c80a184e8b9664aed7a985f4.dll,#1
  2⤵
  - Drops file in Windows directory
  PID:6064

memory/6064-0-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download
memory/6064-1-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download
memory/6064-4-0x0000000013140000-0x000000001314A000-memory.dmp

Filesize
40KB

Download