c89c7b35a7a0a31663e07c727446799087b6ee8ad8d4ec1c7a86811a161cf137

Analysis

max time kernel
140s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:46

Target

c89c7b35a7a0a31663e07c727446799087b6ee8ad8d4ec1c7a86811a161cf137.dll
Size

51KB
MD5

86cb64c6a8ae69031178657db8bc617e
SHA1

3bb11f7907a08aa492c3ce48ef8407b747317f78
SHA256

c89c7b35a7a0a31663e07c727446799087b6ee8ad8d4ec1c7a86811a161cf137
SHA512

1701b486cbcf49a8b22ae8168b322d86b873b03f84ffbc835b8805068454d49496784af49266b73c3adc37b5a896ad0e6ca7d304d07211d78b53a9a84173d81b
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLiJYH5:1dWubF3n9S91BF3fbo+JYH5

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3280	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 3280	1648	rundll32.exe	83
PID 1648 wrote to memory of 3280	1648	rundll32.exe	83
PID 1648 wrote to memory of 3280	1648	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c89c7b35a7a0a31663e07c727446799087b6ee8ad8d4ec1c7a86811a161cf137.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c89c7b35a7a0a31663e07c727446799087b6ee8ad8d4ec1c7a86811a161cf137.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3280