6eff2d7cd87ee24cffe3a92256b7a6a2a70548614760b68653423a0e2e0abbbf

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 21:36

Target

6eff2d7cd87ee24cffe3a92256b7a6a2a70548614760b68653423a0e2e0abbbf.dll
Size

50KB
MD5

bc4d8defffb2816e73d96c1fcf2b0933
SHA1

59eb6688991f72ad6db42d4b5e8b36bd67909b57
SHA256

6eff2d7cd87ee24cffe3a92256b7a6a2a70548614760b68653423a0e2e0abbbf
SHA512

e4da755ae4d8d7ea2674d85928ade8ef3ef2e9fc0f038607d09736c10c5e63a56c4b509e08faf3a3728acecc814e1fdab05faa1caf60b267c91cd0ef652daa65
SSDEEP

1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5TJYH:W5ReWjTrW9rNPgYoBJYH

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2412	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 2412	1144	rundll32.exe	85
PID 1144 wrote to memory of 2412	1144	rundll32.exe	85
PID 1144 wrote to memory of 2412	1144	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6eff2d7cd87ee24cffe3a92256b7a6a2a70548614760b68653423a0e2e0abbbf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6eff2d7cd87ee24cffe3a92256b7a6a2a70548614760b68653423a0e2e0abbbf.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2412