f28d7e4bfd5e5f8204e7b58cd351f68c0d9b523a5a1a4f0ee38263ea5130641e

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:36

Target

f28d7e4bfd5e5f8204e7b58cd351f68c0d9b523a5a1a4f0ee38263ea5130641e.dll
Size

899KB
MD5

8b25430e5d19366b6dc2630f5f6252f2
SHA1

e8c102e7c819ecb551221b4cf1cf1240289d1f1b
SHA256

f28d7e4bfd5e5f8204e7b58cd351f68c0d9b523a5a1a4f0ee38263ea5130641e
SHA512

b3fc431dc3af498dc7adc2690a833f02b3154065e8d49565df7b93a334a620b42f937e44e8fbbda30e4eefa7952e51df8d295827ec0db43df7f664e7daeca3ea
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXS:7wqd87VS

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1828	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1828	1184	rundll32.exe	57
PID 1184 wrote to memory of 1828	1184	rundll32.exe	57
PID 1184 wrote to memory of 1828	1184	rundll32.exe	57

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f28d7e4bfd5e5f8204e7b58cd351f68c0d9b523a5a1a4f0ee38263ea5130641e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f28d7e4bfd5e5f8204e7b58cd351f68c0d9b523a5a1a4f0ee38263ea5130641e.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1828