65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 13:32

Target

65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e.dll
Size

50KB
MD5

65ebafeecef39acc58f3c697c7a860f2
SHA1

a24478edb8f95aed8dcd8a35634ef29eb4f3d70e
SHA256

65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e
SHA512

d6d6ac05e287083d3633d2fbfd490ea74b4325c2627e2189ff837bb4a20591b07011300118b41eac910acc2d2e1308929764e88657acb0cc6f180b3c3dc9607e
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5hJYH:W5ReWjTrW9rNPgYoTJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1600	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 1600	3636	rundll32.exe	85
PID 3636 wrote to memory of 1600	3636	rundll32.exe	85
PID 3636 wrote to memory of 1600	3636	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65cdd12d63e3a6b76d5db9954606340e20149bc8f864ed9d140ae29d0614af3e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1600