200490755410146917c1ab9f9b4ce824c780e1edc14c6555fca5fc6eb7bd6231

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 22:44

Target

bcffebd1410e17377d338c51d8dd6fb8.dll
Size

1.4MB
MD5

bcffebd1410e17377d338c51d8dd6fb8
SHA1

0fd0209f0f79799a63227e9059452f08eb067036
SHA256

200490755410146917c1ab9f9b4ce824c780e1edc14c6555fca5fc6eb7bd6231
SHA512

506a66032894ef0c65a822363b9c121a9c451742b9f55e0d1786e174779bd6220761a5237407a97585f238fd8dd1359afd26a35e1dc4413256fd3147485f1a36
SSDEEP

12288:jlDTobP0R5qau4eud+0KVfGeoNuOtG9rMIfLpoTp2/WFH8bW7INLtK4dRjKCH/YZ:jlc8g4jdpKVloEz9OIu4d1KCHk

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SkinH_EL.dll	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5236	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 5236	3552	rundll32.exe	89
PID 3552 wrote to memory of 5236	3552	rundll32.exe	89
PID 3552 wrote to memory of 5236	3552	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcffebd1410e17377d338c51d8dd6fb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcffebd1410e17377d338c51d8dd6fb8.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:5236