85601f2f5d735f79258ce4319c485c49e6fa8a221b9b94318ce86593d5fdd2ab

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 01:42

Target

85601f2f5d735f79258ce4319c485c49e6fa8a221b9b94318ce86593d5fdd2ab.dll
Size

899KB
MD5

4d559817f7c9c615b2d46bc5881dcba5
SHA1

037d349f6939ed592b608b4ff44630f88edb21b8
SHA256

85601f2f5d735f79258ce4319c485c49e6fa8a221b9b94318ce86593d5fdd2ab
SHA512

9c616e0e1f6448c58984c90bcba5b322683d8687ba5e04812c043d559d95d748a065df61932e4ff61a352ca90eb9ba6fe6c30cbc0cd9bfdc5d251fb2babb5dce
SSDEEP

24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXi:7wqd87Vi

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2172	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 2172	4032	rundll32.exe	90
PID 4032 wrote to memory of 2172	4032	rundll32.exe	90
PID 4032 wrote to memory of 2172	4032	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85601f2f5d735f79258ce4319c485c49e6fa8a221b9b94318ce86593d5fdd2ab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85601f2f5d735f79258ce4319c485c49e6fa8a221b9b94318ce86593d5fdd2ab.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2172