ee516b11cb748df6480bf7f410adea3776673648dc35ee59e34f7793b2662b27

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 22:04

Target

ee516b11cb748df6480bf7f410adea3776673648dc35ee59e34f7793b2662b27.dll
Size

899KB
MD5

baee16d55a7733215d0a735b77ad4d04
SHA1

49e2ea0755c3578f5f17781d7c659d953c2f88e7
SHA256

ee516b11cb748df6480bf7f410adea3776673648dc35ee59e34f7793b2662b27
SHA512

13f6c67ae8524608aeff2dafadf3455236b21f1e41a26b93fbbd4685a7f6378bb5eb07cfc3b7d4e19e0ac0b6d33e65596e5832995443eed47d59a255c41494bb
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXB:7wqd87VB

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4944	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4944	4620	rundll32.exe	83
PID 4620 wrote to memory of 4944	4620	rundll32.exe	83
PID 4620 wrote to memory of 4944	4620	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee516b11cb748df6480bf7f410adea3776673648dc35ee59e34f7793b2662b27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee516b11cb748df6480bf7f410adea3776673648dc35ee59e34f7793b2662b27.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4944