3c60dbc7f65a0d3cf71356015c453b56e885901dfec4b014e1de2749d02add48

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 00:01

Target

a0b029447012ba175873f21f7c5877bc.dll
Size

87KB
MD5

a0b029447012ba175873f21f7c5877bc
SHA1

966cd098fa499a97c4602dc6e0e2472e5447a6d7
SHA256

3c60dbc7f65a0d3cf71356015c453b56e885901dfec4b014e1de2749d02add48
SHA512

aa45b7d01b43cf0c4af8d43f7ae0e92f2a1ef5be8fc029bd38412e8b0070b85cf28bd73c890dbd75ae6335f45040aa58100d73743ae44dc42d702575119e7cee
SSDEEP

1536:iHL+OJY9koUzAL6wS1z/fYc5Cygfxc8EtHzH8cks2Yo:ir+A+kO6wgXY+Cy6xc8QHzH8cks2Yo

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\beep.sys	rundll32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
676	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 2992	3888	rundll32.exe	84
PID 3888 wrote to memory of 2992	3888	rundll32.exe	84
PID 3888 wrote to memory of 2992	3888	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0b029447012ba175873f21f7c5877bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0b029447012ba175873f21f7c5877bc.dll,#1
  2⤵
  - Drops file in Drivers directory
  PID:2992